admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-17T23:00:24.941485+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-17 23:00:28 +00:00
parent 6c803bc474
commit de9df6ab40
37 changed files with 2340 additions and 246 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
CVE-2022/CVE-2022-49xx/CVE-2022-4958.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-4958",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-11T12:15:42.767",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:42:23.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en qkmc-rk redbbs 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Post Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento title conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250236."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qkmc-rk:redbbs:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32FA7E12-C02B-4209-B181-395F66D654D7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qkmc-rk/redbbs/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.250236",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250236",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

143
CVE-2023/CVE-2023-281xx/CVE-2023-28185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28185",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.803",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:16:44.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,156 @@
"value": "Se solucion\u00f3 un desbordamiento de enteros mediante una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 y iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 y iPadOS 15.7.4. Una aplicaci\u00f3n puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "F2BFD09C-A3B8-454F-BADE-9C33A7F8ADFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "79A85DA3-B374-444F-B9A2-7E4F334C26DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "D50B5820-9C42-43AE-8305-7E32AFE1A318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "E33C3BC5-6CFC-4B58-8642-80A9FE00DB24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "408DDE09-2478-4109-B4DA-AEEA7B3BE51A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "AE2C29D7-C8CC-4AA3-A2E4-1FE17737A98B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-376xx/CVE-2023-37644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37644",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T08:15:35.737",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:39:24.333",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "SWFTools 0.9.2 772e55a permite a los atacantes desencadenar un gran intento de asignaci\u00f3n de memoria a trav\u00e9s de un documento manipulado, como lo demuestra pdf2swf. Esto ocurre en png_read_chunk en lib/png.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/202",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-382xx/CVE-2023-38267.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38267",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-11T03:15:09.803",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:31:49.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -50,14 +70,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0.0",
"versionEndExcluding": "10.0.0.7",
"matchCriteriaId": "8D82D2F9-DC94-4E53-B39F-FC4F70FF7FC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0.0",
"versionEndExcluding": "10.0.0.7",
"matchCriteriaId": "983FC857-A6E9-40CB-9FC9-A0298685DA96"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260584",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-410xx/CVE-2023-41069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41069",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.150",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:26:06.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,74 @@
"value": "Este problema se solucion\u00f3 mejorando los modelos anti-spoofing de Face ID. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Un modelo 3D construido para parecerse al usuario registrado puede autenticarse a trav\u00e9s de Face ID."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

132
CVE-2023/CVE-2023-410xx/CVE-2023-41075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41075",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.190",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:03:38.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,143 @@
"value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4, iOS 15.7.4 y iPadOS 15.7.4, macOS Monterey 12.6.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "F2BFD09C-A3B8-454F-BADE-9C33A7F8ADFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "79A85DA3-B374-444F-B9A2-7E4F334C26DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "D50B5820-9C42-43AE-8305-7E32AFE1A318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "E33C3BC5-6CFC-4B58-8642-80A9FE00DB24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "408DDE09-2478-4109-B4DA-AEEA7B3BE51A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "AE2C29D7-C8CC-4AA3-A2E4-1FE17737A98B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-419xx/CVE-2023-41974.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41974",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.240",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:17:26.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,74 @@
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-428xx/CVE-2023-42828.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42828",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.757",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:22:41.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda obtener privilegios de root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.5",
"matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-428xx/CVE-2023-42829.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42829",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.803",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:14:33.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,99 @@
"value": "El problema se solucion\u00f3 con restricciones adicionales sobre la observabilidad de los estados de las aplicaciones. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda acceder a frases de contrase\u00f1a SSH."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.9",
"matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.8",
"matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.5",
"matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-428xx/CVE-2023-42832.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42832",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.953",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:16:29.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,99 @@
"value": "Se solucion\u00f3 una condici\u00f3n de ejecuci\u00f3n con un mejor manejo del estado. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda obtener privilegios de root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.9",
"matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.8",
"matchCriteriaId": "A47C992E-C336-403A-A534-E1A33C7338DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.5",
"matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-42xx/CVE-2023-4246.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4246",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:46.190",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:47:57.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.33.3",
"matchCriteriaId": "DF28BFE7-F306-4B24-848E-F798C8AC9E9C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/misc-functions.php?rev=2772225#L258",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc5c511f-dc79-468b-a107-cdf50999faf8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-43xx/CVE-2023-4372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4372",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:46.773",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:50:15.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:litespeedtech:litespeed_cache:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.6",
"matchCriteriaId": "22C7B730-D532-4674-8968-13C0CC4BC1B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/litespeedtech/lscache_wp/commit/95a407d9f192b37ac6cf96d2aa50f240e3e6b2d7#diff-7b2c514b58d1b8a71655607bdfab87cedb013bc1b8927ce0b49a89ddf4a7e01cR495",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/litespeed-cache/tags/5.5.1/src/esi.cls.php#L480",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2977143/litespeed-cache#file348",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27026f0f-c85e-4409-9973-4b9cb8a90da5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-495xx/CVE-2023-49594.json
View File

@ -2,16 +2,16 @@
"id": "CVE-2023-49594",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-12-23T20:15:38.250",
"lastModified": "2024-01-03T20:40:02.443",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-17T21:15:11.147",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. An user login to Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability."
"value": "An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de desaf\u00edo de instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un usuario que inicia sesi\u00f3n en Keycloak utilizando el complemento DuoUniversalKeycloakAuthenticator desencadena esta vulnerabilidad."
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de desaf\u00edo del complemento instipod DuoUniversalKeycloakAuthenticator 1.0.7. Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un usuario que inicia sesi\u00f3n en Keycloak utilizando el complemento DuoUniversalKeycloakAuthenticator desencadena esta vulnerabilidad."
}
],
"metrics": {

74
CVE-2023/CVE-2023-49xx/CVE-2023-4960.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4960",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:46.930",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:53:01.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wclovers:wcfm_marketplace:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6.2",
"matchCriteriaId": "81D83990-B302-4783-9878-7578C547F2FE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.6.1/core/class-wcfmmp-shortcode.php#L241",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.6.1/views/store-lists/wcfmmp-view-store-lists.php#L207",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3000763/wc-multivendor-marketplace#file999",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f99e9f01-cc98-4af5-bb95-f56f6a550e96?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-49xx/CVE-2023-4962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4962",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:47.093",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:58:45.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-plugins:video_popup:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.3",
"matchCriteriaId": "E5818A7B-1626-4BF9-B2D4-70A4B409D002"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/video-popup/trunk/features/shortcode.php?rev=2928708#L144",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3004434/video-popup",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/670ea03e-2f76-48a4-9f40-bc4cfd987a89?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-511xx/CVE-2023-51126.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51126",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.083",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:10:20.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Vulnerabilidad de inyecci\u00f3n de comandos en /usr/www/res.php en FLIR AX8 hasta 1.46.16 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro value."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.46.16",
"matchCriteriaId": "585EFD55-2D2F-4488-AE42-6BA5562FB3A6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4DACB7-0558-4C74-8EDB-39591236ADEE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/risuxx/CVE-2023-51126",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-511xx/CVE-2023-51127.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51127",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.133",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:16:06.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Las c\u00e1maras con sensor t\u00e9rmico FLIR AX8 hasta la versi\u00f3n 1.46.16 incluida son vulnerables a Directory Traversal debido a una restricci\u00f3n de acceso inadecuada. Esta vulnerabilidad permite que un atacante remoto no autenticado obtenga contenidos de archivos confidenciales arbitrarios cargando un archivo de enlace simb\u00f3lico especialmente manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:flir:flir_ax8_firmware:1.46.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF2D4C9-9444-4F42-8729-761A4C5B2670"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4DACB7-0558-4C74-8EDB-39591236ADEE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/risuxx/CVE-2023-51127",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-513xx/CVE-2023-51381.json
View File

@ -2,66 +2,14 @@
"id": "CVE-2023-51381",
"sourceIdentifier": "product-cna@github.com",
"published": "2024-01-16T19:15:08.183",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:15:11.290",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting in the\u00a0tag name pattern field in the tag protections UI in GitHub Enterprise Server\u00a03.8.12, 3.9.7, 3.10.4, 3.11.2\u00a0allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created\u00a0CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in all versions of 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by GitHub."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8",
"source": "product-cna@github.com"
}
]
"metrics": {},
"references": []
}

76
CVE-2023/CVE-2023-520xx/CVE-2023-52027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52027",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T09:15:47.250",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:46:49.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Se descubri\u00f3 que TOTOlink A3700R v9.1.2u.5822_B20200513 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n NTPSyncWithHost."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F5D7B3-9362-4A1F-A53C-8B7DA8CAFAA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D"
}
]
}
]
}
],
"references": [
{
"url": "https://815yang.github.io/2023/12/23/a3700r/TOTOLINKA3700R_NTPSyncWithHost/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-520xx/CVE-2023-52064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52064",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.180",
"lastModified": "2024-01-12T13:15:11.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:08:45.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que Wuzhicms v4.1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro $keywords en /core/admin/copyfrom.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wuzhicms:wuzhi_cms:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4749403-9C42-40DF-A695-A9E31BD37D84"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/208",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

55
CVE-2023/CVE-2023-59xx/CVE-2023-5914.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5914",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-17T21:15:11.413",
"lastModified": "2024-01-17T21:15:11.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\u00a0 Cross-site scripting (XSS)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914",
"source": "secure@citrix.com"
}
]
}

16
CVE-2023/CVE-2023-64xx/CVE-2023-6476.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6476",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-09T22:15:43.610",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:15:11.600",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en CRI-O que involucra una anotaci\u00f3n experimental que lleva a que un contenedor no est\u00e9 confinado. Esto puede permitir que un pod especifique y obtenga cualquier cantidad de memoria/CPU, eludiendo el programador de Kubernetes y potencialmente provocando una denegaci\u00f3n de servicio en el nodo."
}
],
"metrics": {
@ -47,6 +51,14 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0195",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0207",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6476",
"source": "secalert@redhat.com"

55
CVE-2023/CVE-2023-65xx/CVE-2023-6549.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6549",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-17T21:15:11.690",
"lastModified": "2024-01-17T21:15:11.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
"source": "secure@citrix.com"
}
]
}

64
CVE-2023/CVE-2023-65xx/CVE-2023-6598.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6598",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:49.933",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:24:33.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softaculous:speedycache:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.3",
"matchCriteriaId": "C0C59C2B-17CF-41E8-A8A4-1EA2A0572D13"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3010577/speedycache",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-66xx/CVE-2023-6624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6624",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:50.100",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:20:31.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codection:import_and_export_users_and_customers:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.24.3",
"matchCriteriaId": "D52851CF-6163-4300-B89A-4A709CB75944"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3007926%40import-users-from-csv-with-meta%2Ftrunk&old=3007057%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4731eb39-8c01-4a2b-80f7-15d8c13a19b5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-66xx/CVE-2023-6632.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6632",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:50.257",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:23:56.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,73 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wedevs:happy_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.10.0",
"matchCriteriaId": "98000F7F-59AF-4945-A89F-A205A366A641"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wedevs:happy_addons_for_elementor:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "2.10.0",
"matchCriteriaId": "63E91952-E3F1-4E2D-9A90-C3CC53BEA548"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/extensions/scroll-to-top.php#L142",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3011757%40happy-elementor-addons%2Ftrunk&old=2987938%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef69f0-34d3-4389-8a81-a4d9922f1468?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-66xx/CVE-2023-6636.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6636",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:50.593",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:20:04.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.6.2",
"matchCriteriaId": "2E956FA1-FD4C-4E46-8811-548D9DB1698D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php?rev=3006373#L867",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3009030/greenshift-animation-and-page-builder-blocks/trunk/settings.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-68xx/CVE-2023-6828.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6828",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:52.457",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T21:25:53.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reputeinfosystems:arforms_form_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.8",
"matchCriteriaId": "F77C928B-8FB2-4360-9A8B-99CB0B2783B7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3013347@arforms-form-builder/trunk&old=2998602@arforms-form-builder/trunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e349cae-a996-4a32-807a-a98ebcb01edd?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-68xx/CVE-2023-6855.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6855",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:52.613",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:11:38.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.12.5",
"matchCriteriaId": "D4FD7670-513A-4A2C-8758-7478323585A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L528",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L997",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3011575/paid-memberships-pro/trunk/includes/rest-api.php?contextall=1&old=2947813&old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-69xx/CVE-2023-6994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6994",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:54.497",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:13:52.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fernandobriano:list_category_posts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.89.3",
"matchCriteriaId": "E560E1C5-23AE-4649-8157-5B0D1D34DA41"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.svn.wordpress.org/list-category-posts/trunk/include/lcp-wrapper.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.svn.wordpress.org/list-category-posts/trunk/list-category-posts.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018689%40list-category-posts&new=3018689%40list-category-posts&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-70xx/CVE-2023-7019.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7019",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:54.780",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:28:36.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:lightstart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.8",
"matchCriteriaId": "D554A226-4E57-4D5E-8D1F-151E88C3E642"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3013229/wp-maintenance-mode/trunk/includes/classes/wp-maintenance-mode-admin.php?contextall=1&old=2922691&old_path=%2Fwp-maintenance-mode%2Ftrunk%2Fincludes%2Fclasses%2Fwp-maintenance-mode-admin.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-70xx/CVE-2023-7048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7048",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:55.030",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:32:55.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:premio:my_sticky_bar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.6",
"matchCriteriaId": "4A1A8412-C9CD-4343-B0BD-B7730E37BCEA"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3016780/mystickymenu",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be0ab40f-cff7-48bd-8dae-cc50af047151?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-70xx/CVE-2023-7070.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7070",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-11T09:15:55.287",
"lastModified": "2024-01-11T13:57:09.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:40:43.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jannisthuemmig:email_encoder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.9",
"matchCriteriaId": "B85C2389-CD8D-49F7-9CAC-4D5057552512"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/trunk/core/includes/classes/class-email-encoder-bundle-run.php#L518",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/trunk/core/includes/classes/class-email-encoder-bundle-run.php#L529",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019206%40email-encoder-bundle&new=3019206%40email-encoder-bundle&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5afe6ea-93b8-4782-8593-76468e370a45?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-216xx/CVE-2024-21665.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21665",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T01:15:45.413",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T22:18:50.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:e-commerce_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.10",
"matchCriteriaId": "48398AC0-C6E1-42B8-84A7-EF1E65C55749"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-224xx/CVE-2024-22410.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22410",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-17T21:15:11.887",
"lastModified": "2024-01-17T21:15:11.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don\u2019t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://github.com/gluwa/creditcoin/security/advisories/GHSA-cx5c-xwcv-vhmq",
"source": "security-advisories@github.com"
},
{
"url": "https://owasp.org/www-community/attacks/Binary_planting",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-224xx/CVE-2024-22414.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22414",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-17T21:15:12.100",
"lastModified": "2024-01-17T21:15:12.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class=\"content\" tag=\"content\">{{comment[2]|safe}}</div>`. Use of the \"safe\" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6",
"source": "security-advisories@github.com"
}
]
}

70
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-17T21:00:25.298434+00:00
2024-01-17T23:00:24.941485+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-17T20:56:33.957000+00:00
2024-01-17T22:42:23.587000+00:00
```
### Last Data Feed Release
@ -29,50 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236244
236248
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `4`
* [CVE-2022-42884](CVE-2022/CVE-2022-428xx/CVE-2022-42884.json) (`2024-01-17T19:15:08.017`)
* [CVE-2023-7031](CVE-2023/CVE-2023-70xx/CVE-2023-7031.json) (`2024-01-17T19:15:08.293`)
* [CVE-2023-44077](CVE-2023/CVE-2023-440xx/CVE-2023-44077.json) (`2024-01-17T20:15:50.517`)
* [CVE-2023-48858](CVE-2023/CVE-2023-488xx/CVE-2023-48858.json) (`2024-01-17T20:15:50.573`)
* [CVE-2023-6548](CVE-2023/CVE-2023-65xx/CVE-2023-6548.json) (`2024-01-17T20:15:50.627`)
* [CVE-2024-0647](CVE-2024/CVE-2024-06xx/CVE-2024-0647.json) (`2024-01-17T19:15:08.480`)
* [CVE-2023-5914](CVE-2023/CVE-2023-59xx/CVE-2023-5914.json) (`2024-01-17T21:15:11.413`)
* [CVE-2023-6549](CVE-2023/CVE-2023-65xx/CVE-2023-6549.json) (`2024-01-17T21:15:11.690`)
* [CVE-2024-22410](CVE-2024/CVE-2024-224xx/CVE-2024-22410.json) (`2024-01-17T21:15:11.887`)
* [CVE-2024-22414](CVE-2024/CVE-2024-224xx/CVE-2024-22414.json) (`2024-01-17T21:15:12.100`)
### CVEs modified in the last Commit
Recently modified CVEs: `41`
Recently modified CVEs: `32`
* [CVE-2023-50930](CVE-2023/CVE-2023-509xx/CVE-2023-50930.json) (`2024-01-17T20:28:33.167`)
* [CVE-2023-50931](CVE-2023/CVE-2023-509xx/CVE-2023-50931.json) (`2024-01-17T20:29:51.137`)
* [CVE-2023-50932](CVE-2023/CVE-2023-509xx/CVE-2023-50932.json) (`2024-01-17T20:30:07.037`)
* [CVE-2023-48248](CVE-2023/CVE-2023-482xx/CVE-2023-48248.json) (`2024-01-17T20:31:27.257`)
* [CVE-2023-48250](CVE-2023/CVE-2023-482xx/CVE-2023-48250.json) (`2024-01-17T20:31:45.153`)
* [CVE-2023-6504](CVE-2023/CVE-2023-65xx/CVE-2023-6504.json) (`2024-01-17T20:32:01.283`)
* [CVE-2023-48251](CVE-2023/CVE-2023-482xx/CVE-2023-48251.json) (`2024-01-17T20:32:27.957`)
* [CVE-2023-48253](CVE-2023/CVE-2023-482xx/CVE-2023-48253.json) (`2024-01-17T20:35:48.133`)
* [CVE-2023-48252](CVE-2023/CVE-2023-482xx/CVE-2023-48252.json) (`2024-01-17T20:37:04.070`)
* [CVE-2023-6737](CVE-2023/CVE-2023-67xx/CVE-2023-6737.json) (`2024-01-17T20:38:08.660`)
* [CVE-2023-6556](CVE-2023/CVE-2023-65xx/CVE-2023-6556.json) (`2024-01-17T20:39:02.927`)
* [CVE-2023-6742](CVE-2023/CVE-2023-67xx/CVE-2023-6742.json) (`2024-01-17T20:39:17.207`)
* [CVE-2023-6645](CVE-2023/CVE-2023-66xx/CVE-2023-6645.json) (`2024-01-17T20:40:42.557`)
* [CVE-2023-6684](CVE-2023/CVE-2023-66xx/CVE-2023-6684.json) (`2024-01-17T20:41:05.143`)
* [CVE-2023-6520](CVE-2023/CVE-2023-65xx/CVE-2023-6520.json) (`2024-01-17T20:43:01.987`)
* [CVE-2023-6634](CVE-2023/CVE-2023-66xx/CVE-2023-6634.json) (`2024-01-17T20:44:44.217`)
* [CVE-2023-42866](CVE-2023/CVE-2023-428xx/CVE-2023-42866.json) (`2024-01-17T20:46:08.067`)
* [CVE-2023-42833](CVE-2023/CVE-2023-428xx/CVE-2023-42833.json) (`2024-01-17T20:50:04.980`)
* [CVE-2023-42865](CVE-2023/CVE-2023-428xx/CVE-2023-42865.json) (`2024-01-17T20:51:12.820`)
* [CVE-2023-42831](CVE-2023/CVE-2023-428xx/CVE-2023-42831.json) (`2024-01-17T20:51:35.577`)
* [CVE-2023-42862](CVE-2023/CVE-2023-428xx/CVE-2023-42862.json) (`2024-01-17T20:51:42.080`)
* [CVE-2023-42830](CVE-2023/CVE-2023-428xx/CVE-2023-42830.json) (`2024-01-17T20:56:33.957`)
* [CVE-2024-22714](CVE-2024/CVE-2024-227xx/CVE-2024-22714.json) (`2024-01-17T19:22:17.977`)
* [CVE-2024-22715](CVE-2024/CVE-2024-227xx/CVE-2024-22715.json) (`2024-01-17T19:22:17.977`)
* [CVE-2024-0310](CVE-2024/CVE-2024-03xx/CVE-2024-0310.json) (`2024-01-17T20:33:20.540`)
* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-01-17T21:15:11.600`)
* [CVE-2023-42832](CVE-2023/CVE-2023-428xx/CVE-2023-42832.json) (`2024-01-17T21:16:29.277`)
* [CVE-2023-41974](CVE-2023/CVE-2023-419xx/CVE-2023-41974.json) (`2024-01-17T21:17:26.303`)
* [CVE-2023-6636](CVE-2023/CVE-2023-66xx/CVE-2023-6636.json) (`2024-01-17T21:20:04.423`)
* [CVE-2023-6624](CVE-2023/CVE-2023-66xx/CVE-2023-6624.json) (`2024-01-17T21:20:31.500`)
* [CVE-2023-42828](CVE-2023/CVE-2023-428xx/CVE-2023-42828.json) (`2024-01-17T21:22:41.863`)
* [CVE-2023-6632](CVE-2023/CVE-2023-66xx/CVE-2023-6632.json) (`2024-01-17T21:23:56.940`)
* [CVE-2023-6598](CVE-2023/CVE-2023-65xx/CVE-2023-6598.json) (`2024-01-17T21:24:33.233`)
* [CVE-2023-6828](CVE-2023/CVE-2023-68xx/CVE-2023-6828.json) (`2024-01-17T21:25:53.597`)
* [CVE-2023-41069](CVE-2023/CVE-2023-410xx/CVE-2023-41069.json) (`2024-01-17T21:26:06.237`)
* [CVE-2023-38267](CVE-2023/CVE-2023-382xx/CVE-2023-38267.json) (`2024-01-17T21:31:49.663`)
* [CVE-2023-37644](CVE-2023/CVE-2023-376xx/CVE-2023-37644.json) (`2024-01-17T21:39:24.333`)
* [CVE-2023-52027](CVE-2023/CVE-2023-520xx/CVE-2023-52027.json) (`2024-01-17T21:46:49.123`)
* [CVE-2023-4246](CVE-2023/CVE-2023-42xx/CVE-2023-4246.json) (`2024-01-17T21:47:57.160`)
* [CVE-2023-4372](CVE-2023/CVE-2023-43xx/CVE-2023-4372.json) (`2024-01-17T21:50:15.347`)
* [CVE-2023-4960](CVE-2023/CVE-2023-49xx/CVE-2023-4960.json) (`2024-01-17T21:53:01.497`)
* [CVE-2023-4962](CVE-2023/CVE-2023-49xx/CVE-2023-4962.json) (`2024-01-17T21:58:45.003`)
* [CVE-2023-6855](CVE-2023/CVE-2023-68xx/CVE-2023-6855.json) (`2024-01-17T22:11:38.840`)
* [CVE-2023-6994](CVE-2023/CVE-2023-69xx/CVE-2023-6994.json) (`2024-01-17T22:13:52.143`)
* [CVE-2023-51127](CVE-2023/CVE-2023-511xx/CVE-2023-51127.json) (`2024-01-17T22:16:06.427`)
* [CVE-2023-28185](CVE-2023/CVE-2023-281xx/CVE-2023-28185.json) (`2024-01-17T22:16:44.920`)
* [CVE-2023-7019](CVE-2023/CVE-2023-70xx/CVE-2023-7019.json) (`2024-01-17T22:28:36.323`)
* [CVE-2023-7048](CVE-2023/CVE-2023-70xx/CVE-2023-7048.json) (`2024-01-17T22:32:55.657`)
* [CVE-2023-7070](CVE-2023/CVE-2023-70xx/CVE-2023-7070.json) (`2024-01-17T22:40:43.227`)
* [CVE-2024-21665](CVE-2024/CVE-2024-216xx/CVE-2024-21665.json) (`2024-01-17T22:18:50.007`)
## Download and Usage