diff --git a/CVE-2021/CVE-2021-344xx/CVE-2021-34434.json b/CVE-2021/CVE-2021-344xx/CVE-2021-34434.json index 28e53714946..83604c12cea 100644 --- a/CVE-2021/CVE-2021-344xx/CVE-2021-34434.json +++ b/CVE-2021/CVE-2021-344xx/CVE-2021-34434.json @@ -2,8 +2,8 @@ "id": "CVE-2021-34434", "sourceIdentifier": "emo@eclipse.org", "published": "2021-08-30T20:15:07.363", - "lastModified": "2022-10-27T12:48:03.960", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-02T12:15:09.657", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -149,6 +149,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.debian.org/security/2023/dsa-5511", + "source": "emo@eclipse.org" } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-410xx/CVE-2021-41039.json b/CVE-2021/CVE-2021-410xx/CVE-2021-41039.json index 8667fa38ba2..dbab2ada89c 100644 --- a/CVE-2021/CVE-2021-410xx/CVE-2021-41039.json +++ b/CVE-2021/CVE-2021-410xx/CVE-2021-41039.json @@ -2,8 +2,8 @@ "id": "CVE-2021-41039", "sourceIdentifier": "emo@eclipse.org", "published": "2021-12-01T20:15:07.933", - "lastModified": "2021-12-03T15:58:36.960", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-02T12:15:09.793", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -114,6 +114,10 @@ "Patch", "Vendor Advisory" ] + }, + { + "url": "https://www.debian.org/security/2023/dsa-5511", + "source": "emo@eclipse.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json index 3448f5393ff..b0ddaa160b4 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28366", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.790", - "lastModified": "2023-09-15T21:15:09.940", + "lastModified": "2023-10-02T12:15:09.913", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function." + }, + { + "lang": "es", + "value": "El intermediario en Eclipse Mosquitto 1.3.2 hasta 2.x anterior a 2.0.16 tiene una p\u00e9rdida de memoria de la que se puede abusar de forma remota cuando un cliente env\u00eda muchos mensajes QoS 2 con ID de mensajes duplicados y no responde a los comandos PUBREC. Esto ocurre debido a un mal manejo de EAGAIN desde la funci\u00f3n de env\u00edo de libc." } ], "metrics": { @@ -97,6 +101,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://www.debian.org/security/2023/dsa-5511", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3768.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3768.json index e09b267476d..bfc18adc5a4 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3768.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3768.json @@ -2,12 +2,16 @@ "id": "CVE-2023-3768", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-02T11:15:50.213", - "lastModified": "2023-10-02T11:15:50.213", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services." + }, + { + "lang": "es", + "value": "Vulnerabilidad de validaci\u00f3n de entrada de datos incorrecta, que podr\u00eda permitir a un atacante con acceso a la red implementar t\u00e9cnicas de fuzzing que le permitir\u00edan obtener conocimiento sobre paquetes especialmente manipulados que crear\u00edan una condici\u00f3n DoS a trav\u00e9s del protocolo MMS al iniciar la comunicaci\u00f3n, logrando un reinicio completo del sistema del dispositivo y sus servicios." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41580.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41580.json new file mode 100644 index 00000000000..c8df2a073c3 --- /dev/null +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41580.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-41580", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-02T13:15:09.797", + "lastModified": "2023-10-02T13:15:09.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ehtec/phpipam-exploit", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/phpipam/phpipam/commit/c451085476074943eb4056941005c0b61db566c5", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41692.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41692.json index 2a2484f4764..27360caee98 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41692.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41692.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41692", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.273", - "lastModified": "2023-10-02T08:15:38.273", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <=\u00a03 theme." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en Hennessey Digital Attorney theme en versiones <= 3 themas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41728.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41728.json index d16bf14c631..4402f01a7e6 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41728.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41728.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41728", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.580", - "lastModified": "2023-10-02T08:15:38.580", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <=\u00a02.5 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Rescue Themes Rescue Shortcodes en versiones <= 2.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41729.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41729.json index f27a595a81a..45e670e6270 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41729.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41729.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41729", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.660", - "lastModified": "2023-10-02T08:15:38.660", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <=\u00a01.22.3.31 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento SendPress Newsletters en versiones <= 1.22.3.31." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41731.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41731.json index 65424655892..940a8927925 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41731.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41731.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41731", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.733", - "lastModified": "2023-10-02T08:15:38.733", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <=\u00a01.0.2.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en complemento I Thirteen Web Solution WordPress publish post email notification en versiones <= 1.0.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41733.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41733.json index a8f79df94b1..0d24a73ccce 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41733.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41733.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41733", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.803", - "lastModified": "2023-10-02T08:15:38.803", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability\u00a0in YYDevelopment Back To The Top Button plugin <=\u00a02.1.5 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento dYYDevelopment Back To The Top Button en versiones <= 2.1.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41734.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41734.json index f2eb550d4c9..286c3a330e0 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41734.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41734.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41734", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.880", - "lastModified": "2023-10-02T08:15:38.880", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <=\u00a01.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento nigauri Insert Estimated Reading Time en versiones <= 1.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41736.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41736.json index ec3dc97924f..2bc74f54e07 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41736.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41736.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41736", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T08:15:38.957", - "lastModified": "2023-10-02T08:15:38.957", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <=\u00a06.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Gopi Ramasamy Email posts to subscribers en versiones <= 6.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41737.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41737.json index 87cc5ddc25f..2900eca6c02 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41737.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41737.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41737", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:11.717", - "lastModified": "2023-10-02T09:15:11.717", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <=\u00a01.2.10 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento WPGens Swifty Bar, sticky bar by WPGens en versiones <= 1.2.10." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41797.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41797.json index 351fdf58a10..ccfd792e6e2 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41797.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41797.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41797", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:11.813", - "lastModified": "2023-10-02T09:15:11.813", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <=\u00a04.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Gold Plugins Locations en versiones <= 4.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json index 42320720eb7..e8f880fa839 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41800.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41800", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:11.890", - "lastModified": "2023-10-02T09:15:11.890", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <=\u00a01.4.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en UniConsent UniConsent CMP para el complemento GDPR CPRA GPP TCF en versiones <= 1.4.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json index b211e425a5a..8e685971051 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41847.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41847", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:11.967", - "lastModified": "2023-10-02T09:15:11.967", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <=\u00a03.1.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento WEN Solutions Notice Bar en versiones <= 3.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json index e4f7982a49f..96dbf3c8c43 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41855.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41855", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.043", - "lastModified": "2023-10-02T09:15:12.043", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <=\u00a00.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Regpacks Regpack en versiones <= 0.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41856.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41856.json index 842393e66a9..9bbb72e13c6 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41856.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41856.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41856", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.117", - "lastModified": "2023-10-02T09:15:12.117", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <=\u00a02.0.14 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento ClickToTweet.Com Click To Tweet en versiones <= 2.0.14." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41859.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41859.json index f539e5e6902..a1838870b62 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41859.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41859.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41859", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.203", - "lastModified": "2023-10-02T09:15:12.203", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <=\u00a01.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Ashok Rane Order Delivery Date for WP e-Commerce en versiones <= 1.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42132.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42132.json index ca03948aade..fed80272f76 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42132.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42132.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42132", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-10-02T05:15:26.470", - "lastModified": "2023-10-02T05:15:26.470", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:39.087", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker." + }, + { + "lang": "es", + "value": "FD Application en la edici\u00f3n de abril de 2022 (versi\u00f3n 9.01) y anteriores, restringe incorrectamente las referencias XML external entities (XXE). Al procesar un archivo XML especialmente manipulado, un atacante puede leer archivos arbitrarios del sistema." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json index a96207a5119..1ff3b77c3f3 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json @@ -2,19 +2,79 @@ "id": "CVE-2023-43191", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-27T23:15:11.960", - "lastModified": "2023-09-28T12:44:13.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-02T13:18:20.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft" + }, + { + "lang": "es", + "value": "El mensaje de primer plano de JFinalCMS puede incluir c\u00f3digo malicioso guardado en la base de datos. Cuando los usuarios navegan por los comentarios, estos c\u00f3digos maliciosos incrustados en el HTML se ejecutar\u00e1n y el atacante controlar\u00e1 el navegador del usuario para lograr el prop\u00f3sito especial del atacante, como el robo de cookies." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F34076A4-D906-47FF-A479-CD4F89469925" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/etn0tw/cmscve_test/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json index 62b5e33e830..33ab9b3fe5b 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43740.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43740", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-28T21:15:10.110", - "lastModified": "2023-09-29T15:15:10.227", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-02T12:47:45.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "Online Book Store Project v1.0 es vulnerable a una vulnerabilidad de carga de archivos insegura en el par\u00e1metro 'imagen' de la p\u00e1gina admin_edit.php, lo que permite a un atacante autenticado obtener la ejecuci\u00f3n remota de c\u00f3digo en el servidor que aloja la aplicaci\u00f3n." + "value": "Online Book Store Project v1.0 es vulnerable a una vulnerabilidad de carga de archivos insegura en el par\u00e1metro 'image' de la p\u00e1gina admin_edit.php, lo que permite a un atacante autenticado obtener la ejecuci\u00f3n remota de c\u00f3digo en el servidor que aloja la aplicaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "help@fluidattacks.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "help@fluidattacks.com", "type": "Secondary", @@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_book_store_project:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "463F9305-8E47-4741-B348-425957649B7C" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/shagrath", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44144.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44144.json index d23a170a61d..f7fc2beaa35 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44144.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44144.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44144", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:12.577", - "lastModified": "2023-10-02T10:15:12.577", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44145.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44145.json index 61a5d5285e6..7c3d03c9c51 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44145.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44145.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44145", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:12.800", - "lastModified": "2023-10-02T10:15:12.800", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json index 8a308eb8f91..7802fe6ca21 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44228.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44228", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.317", - "lastModified": "2023-10-02T11:15:50.317", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <=\u00a08.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento emergente Gopi Ramasamy Onclick en versiones <= 8.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json index c3c8583303f..3a6a1938a59 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44230.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44230", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.393", - "lastModified": "2023-10-02T11:15:50.393", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <=\u00a07.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento de formulario de contacto Gopi Ramasamy Popup en versiones <= 7.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json index 2f87cae7f01..a9d333744b1 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44239.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44239", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:12.877", - "lastModified": "2023-10-02T10:15:12.877", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44242.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44242.json index 19866f0a2e1..912fa611d06 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44242.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44242.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44242", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.470", - "lastModified": "2023-10-02T11:15:50.470", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <=\u00a01.3.54 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento 2J Slideshow Team Slideshow, Image Slider by 2J en versiones <= 1.3.54." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44244.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44244.json index 6f904a2d0c3..507f7586157 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44244.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44244.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44244", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.277", - "lastModified": "2023-10-02T09:15:12.277", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <=\u00a02.2.44 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento FooPlugins FooGallery en versiones <= 2.2.44." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44245.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44245.json index c5259c1d16b..13e0e95d352 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44245.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44245.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44245", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:12.953", - "lastModified": "2023-10-02T10:15:12.953", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json index ab81b1384c1..1197f2a9758 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44262.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44262", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:13.027", - "lastModified": "2023-10-02T10:15:13.027", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json index 5977e405e63..16ef2c360e5 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44263.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44263", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T10:15:13.107", - "lastModified": "2023-10-02T10:15:13.107", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44264.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44264.json index b9170dc9cd6..4becb156ec0 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44264.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44264.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44264", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.547", - "lastModified": "2023-10-02T11:15:50.547", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed \u2013 Custom Feed plugin <=\u00a02.2.5 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Arrow Plugins The Awesome Feed \u2013 Custom Feed en versiones <= 2.2.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44265.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44265.json index b5448865670..ba150cbf2fa 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44265.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44265.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44265", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.627", - "lastModified": "2023-10-02T11:15:50.627", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <=\u00a07.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento de formulario de contacto Gopi Ramasamy en versiones <= 7.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44266.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44266.json index b597b2bce88..df0f84f45fe 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44266.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44266.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44266", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T11:15:50.700", - "lastModified": "2023-10-02T11:15:50.700", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <=\u00a03.1.6 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Jewel Theme WP Adminify en versiones <= 3.1.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44464.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44464.json index ea6355c72ce..eb2b86d1b2e 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44464.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44464.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44464", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-29T05:15:46.757", - "lastModified": "2023-09-29T12:45:33.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-02T12:51:18.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,88 @@ "value": "pretix antes de 2023.7.2 permite a Pillow analizar archivos EPS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.7.2", + "matchCriteriaId": "AA2101CA-673B-4A5D-91F3-3FD1D1474582" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/pretix/pretix/tags", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://pretix.eu/about/en/ticketing", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44474.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44474.json index 383009249e8..c65429b8d08 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44474.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44474.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44474", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.357", - "lastModified": "2023-10-02T09:15:12.357", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms \u2013 Drag and Drop Form Builder plugin <=\u00a02.0.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento MD Jakir Hosen Tiger Forms \u2013 Drag and Drop Form Builder en versiones <= 2.0.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44477.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44477.json index 82bd3c9d6d2..04cd8208241 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44477.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44477.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44477", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.437", - "lastModified": "2023-10-02T09:15:12.437", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <=\u00a01.7.13 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Boxy Studio Cooked en versiones <= 1.7.13." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44479.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44479.json index 6c545e18adf..f572eefd6bc 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44479.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44479.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44479", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-02T09:15:12.513", - "lastModified": "2023-10-02T09:15:12.513", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <=\u00a03.6.4 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Jim Krill WP Jump Menu en versiones <= 3.6.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json new file mode 100644 index 00000000000..ce6692f3dd9 --- /dev/null +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5106.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5106", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-10-02T12:15:09.997", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json index 9aa2aedae9d..1d2022cfe3e 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5157", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-27T15:19:41.807", - "lastModified": "2023-09-27T15:41:51.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-02T13:22:15.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,14 +58,114 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.4.26", + "matchCriteriaId": "FB28D8FF-695D-44AE-80BF-42AC6AA65081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.0", + "versionEndExcluding": "10.5.17", + "matchCriteriaId": "144984F5-B5E4-4890-B84C-0BD4EBD1A575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.6.0", + "versionEndExcluding": "10.6.9", + "matchCriteriaId": "9397E948-E3C7-4AE0-AB59-D8DF6DC0F85A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.7.0", + "versionEndExcluding": "10.7.5", + "matchCriteriaId": "3E60C79C-A7E6-4AEF-AD29-38BC63149C60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.8.0", + "versionEndExcluding": "10.8.4", + "matchCriteriaId": "EB9F7573-E888-42B6-8B57-CAF26300CC16" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-5157", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240246", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json index 12d7163eb57..b42b71dfcc2 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5160.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5160", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-10-02T11:15:50.813", - "lastModified": "2023-10-02T11:15:50.813", - "vulnStatus": "Received", + "lastModified": "2023-10-02T12:57:34.287", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing\u00a0a member to get the full name of another user even if the Show Full Name option was disabled\n\n\n" + }, + { + "lang": "es", + "value": "Mattermost no marca la opci\u00f3n \"Show Full Name\" en el endpoint /api/v4/teams/TEAM_ID/top/team_members, lo que permite a un miembro obtener el nombre completo de otro usuario incluso si la opci\u00f3n \"Show Full Name\" est\u00e1 deshabilitada." } ], "metrics": { diff --git a/README.md b/README.md index bda1f83ddeb..c7a7bfb5285 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-02T12:00:25.054241+00:00 +2023-10-02T14:00:24.670488+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-02T11:15:50.813000+00:00 +2023-10-02T13:22:15.330000+00:00 ``` ### Last Data Feed Release @@ -29,33 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226747 +226749 ``` ### CVEs added in the last Commit -Recently added CVEs: `14` +Recently added CVEs: `2` -* [CVE-2023-44144](CVE-2023/CVE-2023-441xx/CVE-2023-44144.json) (`2023-10-02T10:15:12.577`) -* [CVE-2023-44145](CVE-2023/CVE-2023-441xx/CVE-2023-44145.json) (`2023-10-02T10:15:12.800`) -* [CVE-2023-44239](CVE-2023/CVE-2023-442xx/CVE-2023-44239.json) (`2023-10-02T10:15:12.877`) -* [CVE-2023-44245](CVE-2023/CVE-2023-442xx/CVE-2023-44245.json) (`2023-10-02T10:15:12.953`) -* [CVE-2023-44262](CVE-2023/CVE-2023-442xx/CVE-2023-44262.json) (`2023-10-02T10:15:13.027`) -* [CVE-2023-44263](CVE-2023/CVE-2023-442xx/CVE-2023-44263.json) (`2023-10-02T10:15:13.107`) -* [CVE-2023-3768](CVE-2023/CVE-2023-37xx/CVE-2023-3768.json) (`2023-10-02T11:15:50.213`) -* [CVE-2023-44228](CVE-2023/CVE-2023-442xx/CVE-2023-44228.json) (`2023-10-02T11:15:50.317`) -* [CVE-2023-44230](CVE-2023/CVE-2023-442xx/CVE-2023-44230.json) (`2023-10-02T11:15:50.393`) -* [CVE-2023-44242](CVE-2023/CVE-2023-442xx/CVE-2023-44242.json) (`2023-10-02T11:15:50.470`) -* [CVE-2023-44264](CVE-2023/CVE-2023-442xx/CVE-2023-44264.json) (`2023-10-02T11:15:50.547`) -* [CVE-2023-44265](CVE-2023/CVE-2023-442xx/CVE-2023-44265.json) (`2023-10-02T11:15:50.627`) -* [CVE-2023-44266](CVE-2023/CVE-2023-442xx/CVE-2023-44266.json) (`2023-10-02T11:15:50.700`) -* [CVE-2023-5160](CVE-2023/CVE-2023-51xx/CVE-2023-5160.json) (`2023-10-02T11:15:50.813`) +* [CVE-2023-5106](CVE-2023/CVE-2023-51xx/CVE-2023-5106.json) (`2023-10-02T12:15:09.997`) +* [CVE-2023-41580](CVE-2023/CVE-2023-415xx/CVE-2023-41580.json) (`2023-10-02T13:15:09.797`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `40` +* [CVE-2023-44263](CVE-2023/CVE-2023-442xx/CVE-2023-44263.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-3768](CVE-2023/CVE-2023-37xx/CVE-2023-3768.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-44228](CVE-2023/CVE-2023-442xx/CVE-2023-44228.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-44230](CVE-2023/CVE-2023-442xx/CVE-2023-44230.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-44242](CVE-2023/CVE-2023-442xx/CVE-2023-44242.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-44264](CVE-2023/CVE-2023-442xx/CVE-2023-44264.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-44265](CVE-2023/CVE-2023-442xx/CVE-2023-44265.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-44266](CVE-2023/CVE-2023-442xx/CVE-2023-44266.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-5160](CVE-2023/CVE-2023-51xx/CVE-2023-5160.json) (`2023-10-02T12:57:34.287`) +* [CVE-2023-42132](CVE-2023/CVE-2023-421xx/CVE-2023-42132.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41692](CVE-2023/CVE-2023-416xx/CVE-2023-41692.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41728](CVE-2023/CVE-2023-417xx/CVE-2023-41728.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41729](CVE-2023/CVE-2023-417xx/CVE-2023-41729.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41731](CVE-2023/CVE-2023-417xx/CVE-2023-41731.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41733](CVE-2023/CVE-2023-417xx/CVE-2023-41733.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41734](CVE-2023/CVE-2023-417xx/CVE-2023-41734.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41736](CVE-2023/CVE-2023-417xx/CVE-2023-41736.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41737](CVE-2023/CVE-2023-417xx/CVE-2023-41737.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41797](CVE-2023/CVE-2023-417xx/CVE-2023-41797.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41800](CVE-2023/CVE-2023-418xx/CVE-2023-41800.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41847](CVE-2023/CVE-2023-418xx/CVE-2023-41847.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41855](CVE-2023/CVE-2023-418xx/CVE-2023-41855.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-41856](CVE-2023/CVE-2023-418xx/CVE-2023-41856.json) (`2023-10-02T12:57:39.087`) +* [CVE-2023-43191](CVE-2023/CVE-2023-431xx/CVE-2023-43191.json) (`2023-10-02T13:18:20.010`) +* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-10-02T13:22:15.330`) ## Download and Usage