Auto-Update: 2024-01-12T15:00:25.363452+00:00

cad-safe-bot 2024-01-12 15:00:29 +00:00
parent 5c56cb0259
commit df20261cd3
163 changed files with 3775 additions and 393 deletions


@ -2,12 +2,16 @@
"id": "CVE-2016-20021",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T03:15:08.410",
"lastModified": "2024-01-12T03:15:08.410",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification."
},
{
"lang": "es",
"value": "En Gentoo Portage anterior a 3.0.47, falta la validaci\u00f3n PGP del c\u00f3digo ejecutado: el emerge-webrsync independiente descarga un archivo .gpgsig pero no realiza la verificaci\u00f3n de firma."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2022-39316",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T20:15:10.180",
"lastModified": "2023-11-17T19:15:08.313",
"lastModified": "2024-01-12T13:15:09.007",
"vulnStatus": "Modified",
"descriptions": [
{
@ -145,6 +145,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-39317",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T21:15:10.300",
"lastModified": "2023-11-07T03:50:25.973",
"lastModified": "2024-01-12T13:15:09.160",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 2.5
},
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -133,6 +133,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-39318",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T21:15:10.407",
"lastModified": "2023-11-17T19:15:08.413",
"lastModified": "2024-01-12T13:15:09.290",
"vulnStatus": "Modified",
"descriptions": [
{
@ -149,6 +149,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-39319",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T21:15:10.493",
"lastModified": "2023-11-17T19:15:08.520",
"lastModified": "2024-01-12T13:15:09.407",
"vulnStatus": "Modified",
"descriptions": [
{
@ -145,6 +145,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-39320",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T20:15:10.290",
"lastModified": "2023-11-07T03:50:26.330",
"lastModified": "2024-01-12T13:15:09.527",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 2.5
},
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "a0819718-46f1-4df5-94e2-005712e83aaa",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -133,6 +133,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-39347",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T20:15:10.367",
"lastModified": "2023-11-17T19:15:08.620",
"lastModified": "2024-01-12T13:15:09.620",
"vulnStatus": "Modified",
"descriptions": [
{
@ -145,6 +145,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-41877",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-16T20:15:10.507",
"lastModified": "2023-11-17T19:15:08.720",
"lastModified": "2024-01-12T13:15:09.730",
"vulnStatus": "Modified",
"descriptions": [
{
@ -145,6 +145,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-48619",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T03:15:08.633",
"lastModified": "2024-01-12T03:15:08.633",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en drivers/input/input.c en el kernel de Linux anterior a la versi\u00f3n 5.17.10. Un atacante puede provocar una denegaci\u00f3n de servicio (p\u00e1nico) porque input_set_capability maneja mal la situaci\u00f3n en la que un c\u00f3digo de evento queda fuera de un mapa de bits."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-48620",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T04:15:08.123",
"lastModified": "2024-01-12T04:15:08.123",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number."
},
{
"lang": "es",
"value": "uev (aka libuev) anterior a 2.4.1 tiene un desbordamiento de b\u00fafer en epoll_wait si maxevents es un n\u00famero grande."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-4959",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-11T21:15:09.617",
"lastModified": "2024-01-11T21:15:09.617",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250237 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en qkmc-rk redbbs 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Nickname Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250237."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2022-4960",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T03:15:08.683",
"lastModified": "2024-01-12T03:15:08.683",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en cloudfavorites-web 1.3.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Nickname Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250238 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
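Review bot: The added Spanish description names the product as `cloudfavorites-web 1.3.0`, while the English value in the same hunk says `cloudfavorites favorites-web 1.3.0`, so the vendor and product names are fused into a string that matches neither. Anyone searching or correlating the record by the translated text would miss the product `favorites-web`. The translated value should begin `Una vulnerabilidad fue encontrada en cloudfavorites favorites-web 1.3.0 y clasificada como problemática.` The record continues past `"metrics": {`, outside this hunk.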


@ -2,12 +2,16 @@
"id": "CVE-2022-4961",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T05:15:09.263",
"lastModified": "2024-01-12T05:15:09.263",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\\src\\main\\resources\\com\\platform\\dao\\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Weitong Mall 1.0.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo platform-shop\\src\\main\\resources\\com\\platform\\dao\\OrderDao.xml es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sidx/order conduce a la inyecci\u00f3n de SQL. El identificador asociado de esta vulnerabilidad es VDB-250243."
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-0437",
"sourceIdentifier": "cna@mongodb.com",
"published": "2024-01-12T14:15:47.387",
"lastModified": "2024-01-12T14:15:47.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When calling bson_utf8_validate\u00a0on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@mongodb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@mongodb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://jira.mongodb.org/browse/CDRIVER-4747",
"source": "cna@mongodb.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-2030",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:47.833",
"lastModified": "2024-01-12T14:15:47.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407252",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1929929",
"source": "cve@gitlab.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26031",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-16T09:15:06.920",
"lastModified": "2023-12-01T19:02:52.857",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:47.603",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -102,6 +102,10 @@
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0001/",
"source": "security@apache.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29048",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:19.893",
"lastModified": "2024-01-12T07:15:10.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T14:09:06.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -50,22 +80,249 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
"matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
"matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
"matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
"matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
"matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
"matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
"matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
"matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
"matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
"matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
"matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
"matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
"matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*",
"matchCriteriaId": "3A67F528-0248-4E24-A5AB-2995ED7D2600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev35:*:*:*:*:*:*",
"matchCriteriaId": "AE090C73-E093-4BD9-BEFE-634179500A78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev36:*:*:*:*:*:*",
"matchCriteriaId": "0A7CF0F7-5DF5-4749-A777-0F9EDCD14EA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev37:*:*:*:*:*:*",
"matchCriteriaId": "EBE620A7-F071-4412-B0CE-7BCBF3BD7311"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev50:*:*:*:*:*:*",
"matchCriteriaId": "1D7A5899-0795-452E-8B43-75C266AE6B88"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/3",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}
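Review bot: The added `cpeMatch` list enumerates the `7.10.6` revisions `rev01` through `rev37` and then jumps to `rev50`, with no entries for `rev38` to `rev49`. If any of those revisions were released, a scanner that compares installed versions against these exact CPE strings would not flag them, because the range entry with `"versionEndExcluding": "7.10.6"` only covers older releases. The affected revisions should be confirmed against the release notes for Patch Release 6248 that this record already references. Consumers are safer comparing against the fixed revision than relying on the enumerated strings alone.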


@ -2,8 +2,8 @@
"id": "CVE-2023-29049",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.120",
"lastModified": "2024-01-12T07:15:11.103",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T14:16:38.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -50,22 +80,224 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
"matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
"matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
"matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
"matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
"matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
"matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
"matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
"matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
"matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
"matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
"matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
"matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
"matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/3",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29050",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.300",
"lastModified": "2024-01-12T07:15:11.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T14:24:21.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -50,22 +80,254 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
"matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
"matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
"matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
"matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
"matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
"matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
"matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
"matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
"matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
"matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
"matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
"matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
"matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*",
"matchCriteriaId": "3A67F528-0248-4E24-A5AB-2995ED7D2600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev35:*:*:*:*:*:*",
"matchCriteriaId": "AE090C73-E093-4BD9-BEFE-634179500A78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev36:*:*:*:*:*:*",
"matchCriteriaId": "0A7CF0F7-5DF5-4749-A777-0F9EDCD14EA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev37:*:*:*:*:*:*",
"matchCriteriaId": "EBE620A7-F071-4412-B0CE-7BCBF3BD7311"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev50:*:*:*:*:*:*",
"matchCriteriaId": "1D7A5899-0795-452E-8B43-75C266AE6B88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F1CDFA-09DF-40ED-8E60-835032C89924"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/3",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}
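Review bot: The new `cpeMatch` list enumerates `7.10.6:rev01` through `7.10.6:rev37` and then jumps straight to `7.10.6:rev50`. A scanner that matches installed revisions exactly against these criteria would therefore not flag a 7.10.6 build numbered rev38 to rev49, if such builds exist. Whether those revisions were ever released cannot be told from this page, so the gap should be checked against the vendor advisory referenced in the record (`oxas-adv-2023-0005.json`). Until that is confirmed, compare installed builds with the patch release named in the release-notes reference rather than relying on CPE matching alone.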


@ -2,8 +2,8 @@
"id": "CVE-2023-29052",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.680",
"lastModified": "2024-01-12T07:15:11.477",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T14:27:55.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -50,22 +80,223 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
"matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
"matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
"matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
"matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
"matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
"matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
"matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
"matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
"matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
"matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
"matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
"matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
"matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*",
"matchCriteriaId": "3A67F528-0248-4E24-A5AB-2995ED7D2600"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/4",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}
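Review bot: The added `configurations` block lists only `7.10.6:-` through `7.10.6:rev34` and has no range entry, whereas the CVE-2023-29050 record in this same commit also carries a `"versionEndExcluding": "7.10.6"` criterion. As written, releases older than 7.10.6 will not match this record. Whether they are affected is not visible here, so the CPE set should be confirmed against `oxas-adv-2023-0006.json` before it is used to rule hosts out.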


@ -2,8 +2,8 @@
"id": "CVE-2023-29258",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-04T02:15:06.647",
"lastModified": "2023-12-07T17:34:54.053",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:47.713",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -137,6 +137,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0002/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7087218",
"source": "psirt@us.ibm.com",


@ -2,12 +2,16 @@
"id": "CVE-2023-30014",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T09:15:43.927",
"lastModified": "2024-01-12T09:15:43.927",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro sub_event_id en sub_event_stat_update.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-30015",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T09:15:44.040",
"lastModified": "2024-01-12T09:15:44.040",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro txtsearch en review_search.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-30016",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T09:15:44.083",
"lastModified": "2024-01-12T09:15:44.083",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en oretnom23 Judging Management System v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro sub_event_id en sub_event_details_edit.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-31211",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-01-12T08:15:43.137",
"lastModified": "2024-01-12T08:15:43.137",
"vulnStatus": "Received",
"lastModified": "2024-01-12T14:15:48.050",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows attacker to use locked credentials"
"value": "Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials"
},
{
"lang": "es",
"value": "El flujo de autenticaci\u00f3n insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas"
}
],
"metrics": {
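Review bot: The added `es` description still reads `anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39`, while the `en` value printed second in this hunk reads `before 2.2.0p18, 2.1.0p38 and 2.0.0p39`, so the two descriptions give different fixed versions for the 2.2 and 2.1 branches. The page has lost its +/- markers, so treating the p18/p38 line as the new side is inferred from the hunk counts and print order. Anyone deriving patch levels from this record should take them from the `en` text or the vendor advisory. The translation should be regenerated so that both languages state the same bounds.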


@ -2,12 +2,16 @@
"id": "CVE-2023-34061",
"sourceIdentifier": "security@vmware.com",
"published": "2024-01-12T07:15:11.747",
"lastModified": "2024-01-12T07:15:11.747",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementaci\u00f3n de Cloud Foundry."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-36842",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-12T01:15:45.820",
"lastModified": "2024-01-12T01:15:45.820",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS).\n\nOn Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R2.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una verificaci\u00f3n inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en Juniper DHCP Daemon (jdhcpd) de Juniper Networks Junos OS permite que un atacante adyacente no autenticado haga que jdhcpd consuma todos los ciclos de la CPU, lo que resulta en una denegaci\u00f3n de servicio (DoS). En dispositivos Junos OS con forward-snooped-client configurado, si un atacante env\u00eda un paquete DHCP espec\u00edfico a una interfaz no configurada, esto provocar\u00e1 un bucle infinito. Ser\u00e1 necesario reiniciar el proceso DHCP para recuperar el servicio. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3; * Versiones 23.2 anteriores a 23.2R2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-37117",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T07:15:12.077",
"lastModified": "2024-01-12T07:15:12.077",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de use after free del mont\u00f3n en live555 versi\u00f3n 2023.05.10 mientras se manejaba el SETUP."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39350",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.170",
"lastModified": "2023-10-18T14:56:44.890",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:09.857",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n libre del Protocolo de Escritorio Remoto (RDP), publicado bajo la licencia Apache. Este problema afecta s\u00f3lo a los clientes. Desbordamiento incompleto de enteros que conduce al DOS (por ejemplo, aborto debido a `WINPR_ASSERT` con los indicadores de compilaci\u00f3n predeterminados). Cuando se proporciona un blockLen insuficiente y no se realiza la validaci\u00f3n de longitud adecuada, se produce un desbordamiento de enteros, lo que provoca una vulnerabilidad de denegaci\u00f3n de servicio (DOS). Este problema se ha solucionado en las versiones 2.11.0 y 3.0.0-beta3. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad."
}
],
"metrics": {
@ -168,6 +172,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39351",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.280",
"lastModified": "2023-10-18T14:57:07.010",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:09.997",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -161,6 +161,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39352",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:07.873",
"lastModified": "2023-10-18T14:49:47.823",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.110",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -168,6 +168,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39353",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:08.213",
"lastModified": "2023-10-18T13:43:53.717",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.223",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -168,6 +168,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39354",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.367",
"lastModified": "2023-10-18T14:11:33.407",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.327",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -168,6 +168,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39355",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.457",
"lastModified": "2023-10-20T19:25:35.660",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.440",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -126,6 +126,10 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39356",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:08.390",
"lastModified": "2023-10-18T13:45:00.427",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.560",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -182,6 +182,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40181",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:07.860",
"lastModified": "2023-10-18T13:50:49.010",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.680",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -179,6 +179,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40186",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.303",
"lastModified": "2023-10-18T14:55:58.577",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.787",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -186,6 +186,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40187",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.417",
"lastModified": "2023-09-07T15:40:05.617",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.897",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -113,6 +113,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40188",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.523",
"lastModified": "2023-10-18T14:09:58.447",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:10.997",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -168,6 +168,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-40250",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-12T02:15:44.380",
"lastModified": "2024-01-12T02:15:44.380",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('desbordamiento de b\u00fafer cl\u00e1sico') en Hancom HCell en Windows permite desbordamiento de b\u00faferes. Este problema afecta a HCell: 12.0.0.893."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-40362",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T08:15:43.467",
"lastModified": "2024-01-12T08:15:43.467",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CentralSquare Click2Gov Building Permit antes de octubre de 2023. La falta de protecciones de control de acceso permite a atacantes remotos eliminar arbitrariamente a los contratistas de la cuenta de cualquier usuario cuando se conoce la identificaci\u00f3n del usuario y la informaci\u00f3n del contratista."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-40411",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.643",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:41:51.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Este problema se solucion\u00f3 mejorando la protecci\u00f3n de datos. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40430",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.740",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:01.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a vol\u00famenes extra\u00edbles sin el consentimiento del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40567",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.613",
"lastModified": "2023-10-18T13:26:43.380",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:11.090",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -175,6 +175,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40569",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.707",
"lastModified": "2023-10-18T13:37:50.007",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:11.203",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -168,6 +168,10 @@
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40574",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.793",
"lastModified": "2023-09-07T15:24:25.010",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:11.310",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40575",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.877",
"lastModified": "2023-09-07T15:18:56.130",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:11.403",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40576",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.970",
"lastModified": "2023-09-07T14:50:27.893",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:11.493",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40589",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T19:15:11.360",
"lastModified": "2023-10-13T01:08:04.113",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T13:15:11.610",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -181,6 +181,10 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41710",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.883",
"lastModified": "2024-01-12T07:15:12.140",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T13:56:25.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -50,22 +80,229 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
"matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
"matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
"matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
"matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
"matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
"matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
"matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
"matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
"matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
"matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
"matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
"matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
"matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*",
"matchCriteriaId": "3A67F528-0248-4E24-A5AB-2995ED7D2600"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/4",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41987",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.290",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:06.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41994",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.640",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:23.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se solucion\u00f3 un problema l\u00f3gico con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una extensi\u00f3n de c\u00e1mara pueda acceder a la vista de la c\u00e1mara desde aplicaciones distintas de aquella para la que se le otorg\u00f3 permiso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42826",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:49.707",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:28.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. El procesamiento de un archivo puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42876",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.370",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:40.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El problema se solucion\u00f3 con comprobaciones de l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14. Procesar un archivo puede provocar una denegaci\u00f3n de servicio o potencialmente revelar el contenido de la memoria."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42929",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.417",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:35.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42933",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.460",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:42:31.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda obtener privilegios elevados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45178",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-03T18:15:42.273",
"lastModified": "2023-12-07T14:40:01.177",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:48.183",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -116,6 +116,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0004/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7087207",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-45287",
"sourceIdentifier": "security@golang.org",
"published": "2023-12-05T17:15:08.570",
"lastModified": "2023-12-12T16:26:44.020",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:48.310",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -104,6 +104,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0005/",
"source": "security@golang.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46167",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-04T01:15:12.147",
"lastModified": "2023-12-07T16:18:54.230",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:48.413",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -130,6 +130,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0003/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7087203",
"source": "psirt@us.ibm.com",


@ -2,12 +2,16 @@
"id": "CVE-2023-46474",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T22:15:45.713",
"lastModified": "2024-01-11T22:15:45.713",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos PMB v.7.4.8 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de un archivo PHP manipulado subido al archivo start_import.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48909",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T09:15:44.133",
"lastModified": "2024-01-12T09:15:44.133",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Jave2 versi\u00f3n 3.3.1 que permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n FFmpeg."
}
],
"metrics": {},


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4812",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:48.510",
"lastModified": "2024-01-12T14:15:48.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424398",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2115574",
"source": "cve@gitlab.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49568",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-01-12T11:15:12.680",
"lastModified": "2024-01-12T11:15:12.680",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-49569",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-01-12T11:15:13.250",
"lastModified": "2024-01-12T11:15:13.250",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-50123",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.573",
"lastModified": "2024-01-11T21:15:10.573",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state."
},
{
"lang": "es",
"value": "El n\u00famero de intentos para desarmar Hozard Alarm system (alarmsystemen) v1.0 no est\u00e1 limitado. Esto podr\u00eda permitir a un atacante realizar una fuerza bruta en la autenticaci\u00f3n por SMS para desarmar el sistema de alarma."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50124",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.630",
"lastModified": "2024-01-11T21:15:10.630",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner."
},
{
"lang": "es",
"value": "Flient Smart Door Lock v1.0 es vulnerable al uso de credenciales predeterminadas. Debido a las credenciales predeterminadas en una interfaz de depuraci\u00f3n, en combinaci\u00f3n con ciertas opciones de dise\u00f1o, un atacante puede desbloquear Flient Smart Door Lock reemplazando la huella digital almacenada en el esc\u00e1ner."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50125",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.680",
"lastModified": "2024-01-11T21:15:10.680",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state."
},
{
"lang": "es",
"value": "Una contrase\u00f1a de ingeniero predeterminada establecida en Hozard alarm system (Alarmsysteem) v1.0 permite a un atacante desarmar el sistema de alarma."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50126",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.723",
"lastModified": "2024-01-11T21:15:10.723",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state."
},
{
"lang": "es",
"value": "La falta de cifrado en las etiquetas RFID del sistema de alarma Hozard (Alarmsysteem) v1.0 permite a los atacantes crear una etiqueta clonada mediante una breve proximidad f\u00edsica a una de las etiquetas originales, lo que da como resultado que un atacante pueda desarmar el sistema de alarma"
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50127",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.770",
"lastModified": "2024-01-11T21:15:10.770",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number."
},
{
"lang": "es",
"value": "El sistema de alarma Hozard (Alarmsysteem) v1.0 es vulnerable a una autenticaci\u00f3n incorrecta. Los comandos enviados a trav\u00e9s de la funcionalidad SMS se aceptan desde n\u00fameros de tel\u00e9fono aleatorios, lo que permite a un atacante desarmar el sistema de alarma desde cualquier n\u00famero de tel\u00e9fono determinado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50128",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.817",
"lastModified": "2024-01-11T21:15:10.817",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state."
},
{
"lang": "es",
"value": "El sistema remoto sin llave del sistema de Hozard alarm system (alarmsystemen) v1.0 env\u00eda una se\u00f1al de radiofrecuencia id\u00e9ntica para cada solicitud, lo que da como resultado que un atacante pueda realizar ataques de repetici\u00f3n para desarmar el sistema de alarma."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50129",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T21:15:10.867",
"lastModified": "2024-01-11T21:15:10.867",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter."
},
{
"lang": "es",
"value": "La falta de cifrado en las etiquetas NFC de Flient Smart Door Lock v1.0 permite a los atacantes crear una etiqueta clonada mediante una breve proximidad f\u00edsica a las etiquetas originales, lo que da como resultado que el atacante obtenga acceso al per\u00edmetro."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50671",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T17:15:08.557",
"lastModified": "2024-01-11T17:15:08.557",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address."
},
{
"lang": "es",
"value": "En exiftags 1.01, nikon_prop1 en nikon.c tiene un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria (escritura de tama\u00f1o 28) porque snprintf puede escribir en una direcci\u00f3n inesperada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50919",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T08:15:43.533",
"lastModified": "2024-01-12T08:15:43.533",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en dispositivos GL.iNet anteriores a la versi\u00f3n 4.5.0. Existe una omisi\u00f3n de autenticaci\u00f3n NGINX mediante la coincidencia de patrones de cadenas Lua. Esto afecta a A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7 y B1300 4.3.7."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-50920",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T08:15:43.590",
"lastModified": "2024-01-12T08:15:43.590",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en dispositivos GL.iNet anteriores a la versi\u00f3n 4.5.0. Asignan el mismo ID de sesi\u00f3n despu\u00e9s de reiniciar cada usuario, lo que permite a los atacantes compartir identificadores de sesi\u00f3n entre diferentes sesiones y omitir las medidas de autenticaci\u00f3n o control de acceso. Los atacantes pueden hacerse pasar por usuarios leg\u00edtimos o realizar acciones no autorizadas. Esto afecta a A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7 y B1300 4.3.7."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-5091",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-01-08T10:15:11.233",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T13:39:11.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad de Use After Free en Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de GPU incorrectas para obtener acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU de Valhall: desde r37p0 hasta r40p0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -27,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r37p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "06079983-073D-4714-9C72-1E0FA60213A0"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-51350",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T23:15:08.570",
"lastModified": "2024-01-11T23:15:08.570",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header."
},
{
"lang": "es",
"value": "Un ataque de suplantaci\u00f3n de identidad en ujcms v.8.0.2 permite a un atacante remoto obtener informaci\u00f3n confidencial y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script dise\u00f1ado para la funci\u00f3n X-Forwarded-For en el encabezado."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-51539",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T10:15:11.370",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:40:09.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apollo13themes:apollo13_framework_extensions:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.1",
"matchCriteriaId": "080EC94F-5BAC-4EB6-AB79-19756DFD140C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-51780",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T19:15:12.500",
"lastModified": "2024-01-11T21:15:10.960",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. do_vcc_ioctl en net/atm/ioctl.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n vcc_recvmsg."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-51781",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T19:15:12.553",
"lastModified": "2024-01-11T21:15:11.007",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. atalk_ioctl en net/appletalk/ddp.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n atalk_recvmsg."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-51782",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-11T19:15:12.727",
"lastModified": "2024-01-11T21:15:11.050",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.6.8. rose_ioctl en net/rose/af_rose.c tiene un use after free debido a una condici\u00f3n de ejecuci\u00f3n rose_accept."
}
],
"metrics": {},


@ -0,0 +1,28 @@
{
"id": "CVE-2023-51790",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T13:15:11.733",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting en piwigo v.14.0.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro lang en el componente del complemento Herramientas de Administrador."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Piwigo/AdminTools/issues/21",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Piwigo/Piwigo/issues/2069",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-51806",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T13:15:11.807",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en Ujcms v.8.0.2 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ujcms/ujcms",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ujcms/ujcms/issues/8",
"source": "cve@mitre.org"
},
{
"url": "https://www.ujcms.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-52026",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T13:15:11.860",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOlink EX1800T V9.1.0cu.2112_B20220316 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s del par\u00e1metro telnet_enabled de la interfaz setTelnetCfg"
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setTelnetCfg/",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-52064",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T21:15:09.180",
"lastModified": "2024-01-11T13:57:35.163",
"lastModified": "2024-01-12T13:15:11.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/208",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-52145",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-05T09:15:10.117",
"lastModified": "2024-01-05T11:54:11.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:39:24.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariosalexandrou:republish_old_posts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.21",
"matchCriteriaId": "C0BAAC15-B96E-44F4-8331-DB2FD7576FF3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/republish-old-posts/wordpress-republish-old-posts-plugin-1-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-52339",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T02:15:44.637",
"lastModified": "2024-01-12T02:15:44.637",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows."
},
{
"lang": "es",
"value": "En libebml anterior a 1.4.5, puede ocurrir un desbordamiento de enteros en MemIOCallback.cpp al leer o escribir. Puede provocar desbordamientos de b\u00fafer."
}
],
"metrics": {},


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5356",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:48.707",
"lastModified": "2024-01-12T14:15:48.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2188868",
"source": "cve@gitlab.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6040",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-01-12T02:15:44.683",
"lastModified": "2024-01-12T03:15:09.153",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access."
},
{
"lang": "es",
"value": "Se inform\u00f3 y solucion\u00f3 una vulnerabilidad de acceso fuera de los l\u00edmites que involucraba a netfilter como: f1082dd31fe4 (netfilter: nf_tables: Rechazar tablas de familia no admitida); Al crear una nueva tabla netfilter, la falta de protecci\u00f3n contra valores no v\u00e1lidos de la familia nf_tables (pf) dentro de la funci\u00f3n `nf_tables_newtable` permite a un atacante lograr un acceso fuera de los l\u00edmites."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6337",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-12-08T22:15:07.713",
"lastModified": "2023-12-13T18:06:18.783",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:48.907",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -153,6 +153,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0006/",
"source": "security@hashicorp.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6534",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-12-13T09:15:34.680",
"lastModified": "2023-12-19T15:27:29.937",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:49.000",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -184,6 +184,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0007/",
"source": "secteam@freebsd.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6735",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-01-12T08:15:43.650",
"lastModified": "2024-01-12T08:15:43.650",
"vulnStatus": "Received",
"lastModified": "2024-01-12T14:15:49.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows local user to escalate privileges"
"value": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges"
},
{
"lang": "es",
"value": "La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios"
}
],
"metrics": {
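Review bot: The added Spanish description still names 2.2.0p17 and 2.1.0p37 as the fixed Checkmk releases, while the English description in the same hunk was corrected to 2.2.0p18 and 2.1.0p38. A reader or tool that consumes the `es` entry would treat p17/p37 as patched when the English text says they are not. The `es` value should carry the same versions, `... en Checkmk anterior a 2.2.0p18, 2.1.0p38 y 2.0.0p39 ...`. The CVE-2023-6740 hunk that follows has the same mismatch. The record appears to be mirrored from an upstream feed, so the correction probably belongs upstream rather than in this repository.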


@ -2,12 +2,16 @@
"id": "CVE-2023-6740",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-01-12T08:15:43.920",
"lastModified": "2024-01-12T08:15:43.920",
"vulnStatus": "Received",
"lastModified": "2024-01-12T14:15:49.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows local user to escalate privileges"
"value": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges"
},
{
"lang": "es",
"value": "La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios"
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6955",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:49.233",
"lastModified": "2024-01-12T14:15:49.233",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/432188",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-7028",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-12T14:15:49.420",
"lastModified": "2024-01-12T14:15:49.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2293343",
"source": "cve@gitlab.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:13.890",
"lastModified": "2024-01-08T17:46:29.510",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-12T14:15:49.607",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -160,6 +160,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0008/",
"source": "cna@vuldb.com"
},
{
"url": "https://sqlite.org/forum/forumpost/5bcbf4571c",
"source": "cna@vuldb.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-7223",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T16:15:43.990",
"lastModified": "2024-01-09T19:56:14.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T13:06:15.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Totolink T6 4.1.9cu.5241_B20210923 y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento topicurl con la entrada showSyslog conduce a controles de acceso inadecuados. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249867. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,59 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:t6_firmware:4.1.9cu.5241_b20210923:*:*:*:*:*:*:*",
"matchCriteriaId": "CE727AE8-BDB0-4B4B-84CF-1C10ED04EFDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:t6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCCF9D7-710A-483D-88DD-682105586C9F"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1puSOo5XrzMrctw7EtrE7DnfssOOuhRTS/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249867",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249867",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-7226",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-11T21:15:12.030",
"lastModified": "2024-01-11T21:15:12.030",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en meetyoucrop big-whale 1.1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /auth/user/all.api del componente Admin Module es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a una gesti\u00f3n inadecuada de la propiedad. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250232."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-0227",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2024-01-11T20:15:44.003",
"lastModified": "2024-01-11T20:15:44.003",
"vulnStatus": "Received",
"lastModified": "2024-01-12T13:47:31.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDevise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks.\n\n"
},
{
"lang": "es",
"value": "Devise-Two-Factor no acelera ni restringe los intentos de inicio de sesi\u00f3n en el servidor de forma predeterminada. Cuando se combina con las limitaciones de entrop\u00eda inherentes del algoritmo de Time-based One Time Password (TOTP), es posible que un atacante evite el mecanismo 2FA mediante ataques de fuerza bruta."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-0308",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T10:15:11.560",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T13:24:38.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "BF3BA3A1-37C8-4CA7-824D-43F337B28185"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/2E2JG2PClHGF",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.249875",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249875",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-0349",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:09.727",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T14:37:41.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Engineers Online Portal 1.0. Ha sido declarada problem\u00e1tica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una cookie confidencial sin atributo seguro. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250117."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2C0236-1BC6-45DD-B5A5-1FE81BD75296"
}
]
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.250117",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.250117",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
