admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-08T21:00:18.929967+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-08 21:00:22 +00:00
parent f1132ba131
commit df7c0e9d63
61 changed files with 3521 additions and 393 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2014/CVE-2014-1000xx/CVE-2014-100005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-100005",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-01-13T11:59:04.477",
"lastModified": "2017-09-08T01:29:01.107",
"vulnStatus": "Modified",
"lastModified": "2023-11-08T20:19:11.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,9 +63,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-600_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.16ww",
"matchCriteriaId": "45D3F43D-444B-49A1-BA94-8B88B23D26FE"
"matchCriteriaId": "FEC4A091-E1B0-42D0-80B7-D84D6E430E01"
}
]
},
@ -75,8 +75,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:d-link:dir-60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD60B3AA-6275-4933-BD43-F0F2A305ADE4"
"criteria": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A8637C-BD16-4B96-A1DA-34529F3169D3"
}
]
}
@ -88,7 +88,15 @@
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/57304",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
@ -101,7 +109,11 @@
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

104
CVE-2015/CVE-2015-11xx/CVE-2015-1187.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-1187",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-21T16:29:00.147",
"lastModified": "2017-10-05T13:48:40.563",
"lastModified": "2023-11-08T20:19:37.313",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2022-03-25",
"cisaActionDue": "2022-04-15",
@ -19,13 +19,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -89,8 +89,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-626l_firmware:1.04:b04:*:*:*:*:*:*",
"matchCriteriaId": "0DA452E6-FD81-4757-BD76-001074624948"
"criteria": "cpe:2.3:o:dlink:dir-626l_firmware:1.04:b04:*:*:*:*:*:*",
"matchCriteriaId": "7C61317C-44BD-4683-A5E9-8C0CA765EC4E"
}
]
},
@ -100,8 +100,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-626l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C29355-C7AC-46BD-B8BF-3A2F2F7638C9"
"criteria": "cpe:2.3:h:dlink:dir-626l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB204438-1CBB-4A4D-9186-06ACFD4822DE"
}
]
}
@ -116,8 +116,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-636l_firmware:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "51E05F2C-7EFB-4768-A5C0-DD6EA93C8E38"
"criteria": "cpe:2.3:o:dlink:dir-636l_firmware:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2DAF60-5E3C-443C-9BAA-2301D6E6CCFE"
}
]
},
@ -127,8 +127,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-636l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A09CEE6F-876A-467C-9D3F-620B54762E98"
"criteria": "cpe:2.3:h:dlink:dir-636l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADEFAD1-C800-4823-B546-514389C31391"
}
]
}
@ -143,8 +143,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-808l_firmware:1.03:b05:*:*:*:*:*:*",
"matchCriteriaId": "0D0D13F3-16D3-4147-977E-65D9257BAD7C"
"criteria": "cpe:2.3:o:dlink:dir-808l_firmware:1.03:b05:*:*:*:*:*:*",
"matchCriteriaId": "9437B000-D0BF-4ECE-AB9A-7E0E5A4C8CBD"
}
]
},
@ -154,8 +154,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-808l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8DD09D-1CDE-4081-A18A-57009C749F3B"
"criteria": "cpe:2.3:h:dlink:dir-808l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D074D3-DB9D-4232-947A-6C312E438947"
}
]
}
@ -170,8 +170,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-810l_firmware:1.01:b04:*:*:*:*:*:*",
"matchCriteriaId": "9D85B3CC-6F0E-4095-B395-CE1B8CE978E9"
"criteria": "cpe:2.3:o:dlink:dir-810l_firmware:1.01:b04:*:*:*:*:*:*",
"matchCriteriaId": "8C345217-7AFD-4521-92B0-57A43963DC3A"
}
]
},
@ -181,8 +181,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-810l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54C165E2-8014-4C6C-AD31-FA028A1E5E4A"
"criteria": "cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B79563C-609A-4F9F-8F2F-FFF3D10E6684"
}
]
}
@ -197,8 +197,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-810l_firmware:2.02:b01:*:*:*:*:*:*",
"matchCriteriaId": "F3B99393-1530-4544-B21D-95C1A1480565"
"criteria": "cpe:2.3:o:dlink:dir-810l_firmware:2.02:b01:*:*:*:*:*:*",
"matchCriteriaId": "00CF9B1B-0281-44F8-8182-CB4AE6667C93"
}
]
},
@ -208,8 +208,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-810l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54C165E2-8014-4C6C-AD31-FA028A1E5E4A"
"criteria": "cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B79563C-609A-4F9F-8F2F-FFF3D10E6684"
}
]
}
@ -224,8 +224,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-820l_firmware:1.02:b10:*:*:*:*:*:*",
"matchCriteriaId": "E2C18AE3-4FD7-4DE3-AF6E-CC46761AD43C"
"criteria": "cpe:2.3:o:dlink:dir-820l_firmware:1.02:b10:*:*:*:*:*:*",
"matchCriteriaId": "73616482-C6F8-45B2-AFA9-CC58600D1259"
}
]
},
@ -235,8 +235,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B2A3DC-08B8-41BC-B065-310757FB0F34"
"criteria": "cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88CE60CD-DCDA-43E0-80A9-257557EDBC29"
}
]
}
@ -251,8 +251,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-820l_firmware:1.05:b03:*:*:*:*:*:*",
"matchCriteriaId": "6DC7FBDB-2C65-4986-B745-B4991063620C"
"criteria": "cpe:2.3:o:dlink:dir-820l_firmware:1.05:b03:*:*:*:*:*:*",
"matchCriteriaId": "EAD0E2A6-B7F2-4614-AFD9-7B9414A3773E"
}
]
},
@ -262,8 +262,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B2A3DC-08B8-41BC-B065-310757FB0F34"
"criteria": "cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88CE60CD-DCDA-43E0-80A9-257557EDBC29"
}
]
}
@ -278,8 +278,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-820l_firmware:2.01:b02:*:*:*:*:*:*",
"matchCriteriaId": "ACBD7489-E2B6-45EE-AF98-74875AD7F095"
"criteria": "cpe:2.3:o:dlink:dir-820l_firmware:2.01:b02:*:*:*:*:*:*",
"matchCriteriaId": "85AFE680-0ECF-43B7-B4B6-1F9D4FB96FE9"
}
]
},
@ -289,8 +289,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B2A3DC-08B8-41BC-B065-310757FB0F34"
"criteria": "cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88CE60CD-DCDA-43E0-80A9-257557EDBC29"
}
]
}
@ -305,8 +305,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-826l_firmware:1.00:b23:*:*:*:*:*:*",
"matchCriteriaId": "7F719B08-8E14-49DE-98BC-43CF45AC9BBD"
"criteria": "cpe:2.3:o:dlink:dir-826l_firmware:1.00:b23:*:*:*:*:*:*",
"matchCriteriaId": "0A250A29-4B67-415C-9209-8DA3CA7787B4"
}
]
},
@ -316,8 +316,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-826l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF2C467-8B78-42C7-9338-93A6483A06F6"
"criteria": "cpe:2.3:h:dlink:dir-826l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36554D63-D4A3-499A-BD79-8C8729CB003E"
}
]
}
@ -332,8 +332,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-830l_firmware:1.00:b07:*:*:*:*:*:*",
"matchCriteriaId": "18CE7A02-8F48-471D-91E8-3E92C3D7A9D3"
"criteria": "cpe:2.3:o:dlink:dir-830l_firmware:1.00:b07:*:*:*:*:*:*",
"matchCriteriaId": "DF1985BB-B6D5-49AF-8B58-1E0E15C0A606"
}
]
},
@ -343,8 +343,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-830l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB95ED05-130D-4319-8E3A-7185698555BC"
"criteria": "cpe:2.3:h:dlink:dir-830l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "889685BB-EFD4-46CA-BBF1-F215DAD02C92"
}
]
}
@ -359,8 +359,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-836l_firmware:1.01:b03:*:*:*:*:*:*",
"matchCriteriaId": "BAB80C5D-BF09-49CF-BF09-8EA2DBC138D2"
"criteria": "cpe:2.3:o:dlink:dir-836l_firmware:1.01:b03:*:*:*:*:*:*",
"matchCriteriaId": "B26E3CF6-4B1D-46D5-B4A0-CB0BC6CC3A8E"
}
]
},
@ -370,8 +370,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-836l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E81FAE0-6F4C-4E03-84B3-0694D88371D2"
"criteria": "cpe:2.3:h:dlink:dir-836l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2ED91B-738D-448B-B7E0-D869539571F1"
}
]
}
@ -413,8 +413,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-651_firmware:1.10na:b02:*:*:*:*:*:*",
"matchCriteriaId": "0526083F-50DF-45DD-BC6F-23C5BA3770B5"
"criteria": "cpe:2.3:o:dlink:dir-651_firmware:1.10na:b02:*:*:*:*:*:*",
"matchCriteriaId": "5BA8648E-8D38-4355-9CCC-A1C441FCBC02"
}
]
},
@ -424,8 +424,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-651:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06FC6317-48D7-4603-8C99-1A04F64133B4"
"criteria": "cpe:2.3:h:dlink:dir-651:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14E7E497-FDC7-4D4F-9313-10C21D9B58E2"
}
]
}

29
CVE-2017/CVE-2017-129xx/CVE-2017-12943.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-12943",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-08-18T15:29:00.200",
"lastModified": "2017-09-14T01:29:04.583",
"vulnStatus": "Modified",
"lastModified": "2023-11-08T20:20:33.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-600_b1_firmware:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A42C95EB-FC02-47B3-8E3C-B1C16E372425"
"criteria": "cpe:2.3:o:dlink:dir-600_b1_firmware:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5822C40-63B4-4C38-BB44-30C890B7D3CB"
}
]
},
@ -96,8 +96,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-600_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B6DFCB1-598C-48FC-B929-8BCDD3111B6F"
"criteria": "cpe:2.3:h:dlink:dir-600_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01EA1FD-0D5E-466E-8866-119E58379185"
}
]
}
@ -107,11 +107,18 @@
"references": [
{
"url": "https://jithindkurup.tumblr.com/post/165218785974/d-link-dir-600-authentication-bypass-absolute",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/42581/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.youtube.com/watch?v=PeNOJORAQsQ",

23
CVE-2017/CVE-2017-144xx/CVE-2017-14413.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14413",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.197",
"lastModified": "2017-09-20T19:07:21.240",
"lastModified": "2023-11-08T20:20:49.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

23
CVE-2017/CVE-2017-144xx/CVE-2017-14414.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14414",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.243",
"lastModified": "2017-09-20T19:07:11.460",
"lastModified": "2023-11-08T20:21:11.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

23
CVE-2017/CVE-2017-144xx/CVE-2017-14415.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14415",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.290",
"lastModified": "2017-09-20T19:06:53.463",
"lastModified": "2023-11-08T20:23:29.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

23
CVE-2017/CVE-2017-144xx/CVE-2017-14416.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14416",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.323",
"lastModified": "2017-09-20T19:06:42.433",
"lastModified": "2023-11-08T20:23:52.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

16
CVE-2017/CVE-2017-144xx/CVE-2017-14417.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14417",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.370",
"lastModified": "2019-10-03T00:03:26.223",
"lastModified": "2023-11-08T20:57:21.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "fw208wwb02",
"matchCriteriaId": "057C6D7D-16EB-4F09-BB4A-A59C2ABFB57B"
"matchCriteriaId": "AD01AE08-1F0A-4004-8EC3-4887E540F349"
}
]
},
@ -97,8 +97,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

16
CVE-2017/CVE-2017-144xx/CVE-2017-14418.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14418",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.400",
"lastModified": "2019-10-03T00:03:26.223",
"lastModified": "2023-11-08T20:58:01.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "fw208wwb02",
"matchCriteriaId": "057C6D7D-16EB-4F09-BB4A-A59C2ABFB57B"
"matchCriteriaId": "AD01AE08-1F0A-4004-8EC3-4887E540F349"
}
]
},
@ -97,8 +97,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

27
CVE-2017/CVE-2017-144xx/CVE-2017-14419.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14419",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.447",
"lastModified": "2017-09-21T00:50:06.807",
"lastModified": "2023-11-08T20:57:41.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}
@ -125,8 +130,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

16
CVE-2017/CVE-2017-144xx/CVE-2017-14421.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14421",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.527",
"lastModified": "2017-09-21T00:51:09.837",
"lastModified": "2023-11-08T20:59:00.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "fw208wwb02",
"matchCriteriaId": "057C6D7D-16EB-4F09-BB4A-A59C2ABFB57B"
"matchCriteriaId": "AD01AE08-1F0A-4004-8EC3-4887E540F349"
}
]
},
@ -97,8 +97,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

31
CVE-2017/CVE-2017-144xx/CVE-2017-14422.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14422",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.573",
"lastModified": "2017-09-21T00:59:31.510",
"lastModified": "2023-11-08T20:59:19.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}
@ -113,9 +118,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "fw208wwb02",
"matchCriteriaId": "057C6D7D-16EB-4F09-BB4A-A59C2ABFB57B"
"matchCriteriaId": "AD01AE08-1F0A-4004-8EC3-4887E540F349"
}
]
},
@ -125,8 +130,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

23
CVE-2017/CVE-2017-144xx/CVE-2017-14423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-14423",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-13T17:29:00.603",
"lastModified": "2019-10-03T00:03:26.223",
"lastModified": "2023-11-08T21:00:01.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,9 +85,14 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:*:beta1:*:*:*:*:*:*",
"versionEndIncluding": "fw114wwb07_h2ab",
"matchCriteriaId": "269739B0-7349-4225-81D8-28CA494E4957"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "fw114wwb07_h2ab",
"matchCriteriaId": "1A2C72E9-93AA-4670-B0B5-4016E442DFDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E063822-8CED-46B3-BE66-7AD18F02FAC8"
}
]
},
@ -97,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

22
CVE-2017/CVE-2017-31xx/CVE-2017-3193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-3193",
"sourceIdentifier": "cret@cert.org",
"published": "2017-12-16T02:29:10.417",
"lastModified": "2019-10-09T23:27:21.320",
"vulnStatus": "Modified",
"lastModified": "2023-11-08T20:19:55.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -95,13 +95,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:1.14b07:*:*:*:*:*:*:*",
"matchCriteriaId": "496921A4-1639-49BA-8976-C344BF78E393"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:1.14b07:*:*:*:*:*:*:*",
"matchCriteriaId": "10F53477-8CF3-48DC-BC1E-B6C19E878FD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:d-link:dir-850l_firmware:2.07.b05:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF55090-9E8B-45D4-BF14-381809CF6033"
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3B7CA2-E60A-48D3-AA8F-38E0809B1614"
}
]
},
@ -111,8 +111,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:d-link:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74BDB0-BD40-4AFA-8FE0-3AD43894429E"
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
}
]
}

61
CVE-2023/CVE-2023-17xx/CVE-2023-1715.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-1715",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-01T10:15:09.113",
"lastModified": "2023-11-01T12:51:08.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T20:33:18.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Un error l\u00f3gico al usar mb_strpos() para verificar un posible payload XSS en Bitrix24 22.0.300 permite a los atacantes evitar la sanitizaci\u00f3n XSS colocando etiquetas HTML al comienzo del payload."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*",
"matchCriteriaId": "D47D6185-F86F-4402-85C1-C0A0EAE09B0D"
}
]
}
]
}
],
"references": [
{
"url": "https://starlabs.sg/advisories/23/23-1715/",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-262xx/CVE-2023-26221.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26221",
"sourceIdentifier": "security@tibco.com",
"published": "2023-11-08T20:15:07.313",
"lastModified": "2023-11-08T20:15:07.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@tibco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com"
}
]
}

62
CVE-2023/CVE-2023-26xx/CVE-2023-2621.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2621",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.790",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T20:24:04.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer\nsystem. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can\nexploit this vulnerability by uploading a crafted ZIP archive via the\nnetwork to McFeeder\u2019s service endpoint.\n\n"
},
{
"lang": "es",
"value": "El servidor McFeeder (distribuido como parte del paquete SSW) es susceptible a una vulnerabilidad de escritura de archivos arbitraria en el sistema inform\u00e1tico PRINCIPAL. Esta vulnerabilidad se debe al uso de una versi\u00f3n desactualizada de una librer\u00eda de terceros, que se utiliza para extraer archivos cargados en el servidor McFeeder. Un cliente malicioso autenticado puede aprovechar esta vulnerabilidad cargando un archivo ZIP manipulado a trav\u00e9s de la red en el endpoint del servicio de McFeeder."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "7.17.0.0",
"matchCriteriaId": "5DC6F37B-1068-4138-9327-6CD510934849"
}
]
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-26xx/CVE-2023-2622.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2622",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.867",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T20:02:14.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"
},
{
"lang": "es",
"value": "Los clientes autenticados pueden leer archivos arbitrarios en el sistema inform\u00e1tico PRINCIPAL mediante Remote Procedure Call (RPC) del endpoint del servicio InspectSetup. Luego, el cliente con privilegios bajos puede leer archivos arbitrarios para los que no tiene autorizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.10.0.0",
"versionEndIncluding": "7.18.0.0",
"matchCriteriaId": "462D2B72-044A-40AB-85F5-A2E082E04D01"
}
]
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-41xx/CVE-2023-4197.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4197",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-01T08:15:07.333",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:47:53.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Dolibarr ERP CRM versiones &lt;= 18.0.1 no elimina cierto c\u00f3digo PHP de la entrada proporcionada por el usuario al crear un sitio web, lo que permite a un atacante inyectar y evaluar c\u00f3digo PHP arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "18.0.1",
"matchCriteriaId": "C140890A-4169-47C2-948C-E3B935BA14FC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087e",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4197",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-41xx/CVE-2023-4198.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4198",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-01T09:15:09.477",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:53:36.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data"
},
{
"lang": "es",
"value": "El control de acceso inadecuado en Dolibarr ERP CRM versiones &lt;= 17.0.3 permite a un usuario autenticado no autorizado leer una tabla de base de datos que contiene datos del cliente"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.0.3",
"matchCriteriaId": "BCE1249D-E1F0-4434-ABC5-F5ACDCF15AEE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb#diff-7d68365a708c954051853ade884c7e97c6ff13150ee92657d6ffc8603e0f947b",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-4198",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-426xx/CVE-2023-42631.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-42631",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-11-01T10:15:09.513",
"lastModified": "2023-11-01T12:51:08.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:05:43.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En las herramientas de validaci\u00f3n, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-426xx/CVE-2023-42632.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-42632",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-11-01T10:15:09.560",
"lastModified": "2023-11-01T12:51:08.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:03:00.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En las herramientas de validaci\u00f3n, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-426xx/CVE-2023-42633.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-42633",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-11-01T10:15:09.613",
"lastModified": "2023-11-01T12:51:08.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:02:25.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En las herramientas de validaci\u00f3n, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-437xx/CVE-2023-43798.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43798",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.397",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T20:12:42.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.6.12",
"matchCriteriaId": "07AC33B9-3067-4848-B48D-ABDD7286DE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "C05D5D11-75BE-41FA-A62F-61F35B16BA9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "C23D21AA-EF44-4F61-9775-57E3AF206CEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "1E95E50E-3C1E-438A-BAEC-AE0DF69B2937"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A7EC2B6A-1A13-40FE-85D6-30D596813394"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "5A7D33D7-AE88-4ED4-82A4-BCFA7E828AD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "49CCF586-942D-4B21-BFD2-486EF3FCDF7E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18494",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18580",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-43xx/CVE-2023-4393.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4393",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2023-10-30T00:15:39.237",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T20:56:59.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization."
},
{
"lang": "es",
"value": "Las inyecciones de HTML y SMTP en la p\u00e1gina de registro de LiquidFiles versiones 3.7.13 e inferiores permiten a un atacante realizar ataques de phishing m\u00e1s avanzados contra una organizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "vdp@themissinglink.com.au",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "vdp@themissinglink.com.au",
"type": "Secondary",
@ -50,10 +88,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liquidfiles:liquidfiles:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.14",
"matchCriteriaId": "A0C34988-1107-4675-8490-5A583DBB32CC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-4393",
"source": "vdp@themissinglink.com.au"
"source": "vdp@themissinglink.com.au",
"tags": [
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-456xx/CVE-2023-45670.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45670",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.543",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:17:43.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,26 +70,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.13.0",
"matchCriteriaId": "C4732404-ED83-4426-AAA2-7BA34EDDD6BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C166CCC4-B65F-467C-B9C7-716181142D21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "950A7EE4-7B30-482E-824D-81BD4DC707F2"
}
]
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/discussions/8366",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-456xx/CVE-2023-45671.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.620",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:08:21.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.13.0",
"matchCriteriaId": "C4732404-ED83-4426-AAA2-7BA34EDDD6BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C166CCC4-B65F-467C-B9C7-716181142D21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "950A7EE4-7B30-482E-824D-81BD4DC707F2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-461xx/CVE-2023-46129.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46129",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:09.933",
"lastModified": "2023-10-31T18:15:08.653",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:01:15.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,14 +74,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nats:nats_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.4",
"matchCriteriaId": "AC5698E9-BF06-46C5-BC69-A9729B096782"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nats:nkeys:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.4.6.",
"matchCriteriaId": "6D496EEC-9F47-45E6-BEA4-24EB4FD50F6A"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/31/1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-469xx/CVE-2023-46911.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-46911",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T17:15:11.870",
"lastModified": "2023-11-01T17:16:31.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:46:29.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting (XSS) en la interfaz choose_style_tree.do del backend de Jspxcms v10.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CC8654-4A79-4A1D-8AFA-C8309ED94FCD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/jspxcms/Jspxcms/issues/I8AK2H",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

73
CVE-2023/CVE-2023-469xx/CVE-2023-46927.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-46927",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T15:15:08.707",
"lastModified": "2023-11-01T16:16:34.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:35:56.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box."
},
{
"lang": "es",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contiene un desbordamiento de b\u00fafer de mont\u00f3n en gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 en gpac/MP4Box. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev605-gfc9e29089-master:*:*:*:*:*:*:*",
"matchCriteriaId": "276701A5-2ABB-4EDB-9E2A-96A6A9EA62D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2657",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-469xx/CVE-2023-46928.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-46928",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T15:15:08.753",
"lastModified": "2023-11-01T16:16:34.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:31:58.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42."
},
{
"lang": "es",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contiene un SEGV en gpac/MP4Box en gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev605-gfc9e29089-master:*:*:*:*:*:*:*",
"matchCriteriaId": "276701A5-2ABB-4EDB-9E2A-96A6A9EA62D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2661",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-469xx/CVE-2023-46930.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-46930",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T14:15:38.250",
"lastModified": "2023-11-01T16:16:34.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:41:01.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14."
},
{
"lang": "es",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contiene un SEGV en gpac/MP4Box en gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev605-gfc9e29089-master:*:*:*:*:*:*:*",
"matchCriteriaId": "276701A5-2ABB-4EDB-9E2A-96A6A9EA62D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2666",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-469xx/CVE-2023-46931.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-46931",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-01T14:15:38.640",
"lastModified": "2023-11-01T16:16:34.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:36:49.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box."
},
{
"lang": "es",
"value": "GPAC 2.3-DEV-rev605-gfc9e29089-master contiene un desbordamiento de b\u00fafer de mont\u00f3n en ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 en gpac/MP4Box."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev605-gfc9e29089-master:*:*:*:*:*:*:*",
"matchCriteriaId": "276701A5-2ABB-4EDB-9E2A-96A6A9EA62D9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf.",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/gpac/gpac/issues/2664",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-471xx/CVE-2023-47181.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47181",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:08.057",
"lastModified": "2023-11-08T19:15:08.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <=\u00a08.52 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-46-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-471xx/CVE-2023-47190.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47190",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:08.137",
"lastModified": "2023-11-08T19:15:08.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <=\u00a01.9.0 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-472xx/CVE-2023-47223.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47223",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:08.540",
"lastModified": "2023-11-08T19:15:08.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <=\u00a02.0 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/basic-interactive-world-map/wordpress-basic-interactive-world-map-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-472xx/CVE-2023-47226.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47226",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:09.023",
"lastModified": "2023-11-08T19:15:09.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <=\u00a01.0.20 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-slider-carousel/wordpress-post-sliders-post-grids-plugin-1-0-20-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-472xx/CVE-2023-47227.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47227",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:09.377",
"lastModified": "2023-11-08T19:15:09.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <=\u00a01.5.4.6 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-facebook/wordpress-social-feed-all-social-media-in-one-place-plugin-1-5-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-472xx/CVE-2023-47228.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47228",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:09.497",
"lastModified": "2023-11-08T19:15:09.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <=\u00a01.1.9.7 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slider-slideshow/wordpress-layer-slider-plugin-1-1-9-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-472xx/CVE-2023-47229.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:09.563",
"lastModified": "2023-11-08T19:15:09.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <=\u00a03.1 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/top-25-social-icons/wordpress-top-25-social-icons-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-472xx/CVE-2023-47231.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-47231",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T19:15:09.633",
"lastModified": "2023-11-08T19:15:09.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <=\u00a01.9.8 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcodes-ui/wordpress-shortcodes-ui-plugin-1-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

105
CVE-2023/CVE-2023-54xx/CVE-2023-5480.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5480",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:09.930",
"lastModified": "2023-11-08T04:15:07.777",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:36:31.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La implementaci\u00f3n inadecuada en Pagos en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto evitar las prevenciones XSS a trav\u00e9s de un archivo malicioso. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1492698",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-54xx/CVE-2023-5482.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5482",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:09.973",
"lastModified": "2023-11-08T04:15:07.830",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:35:15.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La validaci\u00f3n de datos insuficiente en USB en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto realizar acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1492381",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-55xx/CVE-2023-5514.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5514",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.933",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:36:35.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be\nabused for enumerating the local file system structure.\n\n"
},
{
"lang": "es",
"value": "Se puede abusar de los mensajes de respuesta recibidos de la generaci\u00f3n del informe eSOMS utilizando ciertas consultas de par\u00e1metros con la ruta completa del archivo para enumerar la estructura del sistema de archivos local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.3.13",
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289"
}
]
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-55xx/CVE-2023-5515.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5515",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:07.993",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:28:26.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against\nweb servers and deployed web applications.\n\n"
},
{
"lang": "es",
"value": "Las respuestas a consultas web con ciertos par\u00e1metros revelan la ruta interna de los recursos. Esta informaci\u00f3n se puede utilizar para conocer la estructura interna de la aplicaci\u00f3n y para planear m\u00e1s ataques contra servidores web y aplicaciones web implementadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.3.13",
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289"
}
]
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-55xx/CVE-2023-5516.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5516",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-11-01T03:15:08.060",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T19:40:16.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nPoorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing\ninformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,\nbackend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. \n\n"
},
{
"lang": "es",
"value": "Las solicitudes de aplicaciones web mal construidas y los componentes URI con caracteres especiales desencadenan errores y excepciones no controlados, revelando informaci\u00f3n sobre la tecnolog\u00eda subyacente y otros detalles de informaci\u00f3n confidencial. El sitio web revela involuntariamente informaci\u00f3n confidencial, incluidos detalles t\u00e9cnicos como informaci\u00f3n de la versi\u00f3n, endpoints, servidor backend e IP interna. etc., lo que potencialmente puede exponer una superficie de ataque adicional que contiene otras vulnerabilidades interesantes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.3.13",
"matchCriteriaId": "BE3D04FB-2676-491B-8FBC-9D5D5911E289"
}
]
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-55xx/CVE-2023-5561.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5561",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:18.073",
"lastModified": "2023-11-07T04:24:08.140",
"lastModified": "2023-11-08T19:15:09.703",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
"value": "WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack"
},
{
"lang": "es",

105
CVE-2023/CVE-2023-58xx/CVE-2023-5849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5849",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.107",
"lastModified": "2023-11-08T04:15:07.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:37:10.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "El desbordamiento de enteros en USB en Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1492384",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-58xx/CVE-2023-5850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5850",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.160",
"lastModified": "2023-11-08T04:15:07.927",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:40:09.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,115 @@
"value": "La interfaz de usuario de seguridad incorrecta en Descargas en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto realizar una suplantaci\u00f3n de dominio a trav\u00e9s de un nombre de dominio manipulado. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1281972",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5851",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.207",
"lastModified": "2023-11-08T04:15:07.970",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:26:04.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La implementaci\u00f3n inadecuada en Descargas en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto ofuscar la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1473957",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5852",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.253",
"lastModified": "2023-11-08T04:15:08.020",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:32:39.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "Use after free en Impresi\u00f3n en Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos de interfaz de usuario espec\u00edficos para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de gestos de interfaz de usuario espec\u00edficos. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1480852",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5853.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5853",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.300",
"lastModified": "2023-11-08T04:15:08.060",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:24:29.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La interfaz de usuario de seguridad incorrecta en Descargas en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto ofuscar la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1456876",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5854.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5854",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.343",
"lastModified": "2023-11-08T04:15:08.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:25:00.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "Use after free en Perfiles de Google Chrome anteriores a 119.0.6045.105 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos de interfaz de usuario espec\u00edficos para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de gestos de interfaz de usuario espec\u00edficos. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1488267",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5855.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5855",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.387",
"lastModified": "2023-11-08T04:15:08.147",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:23:09.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "Use after free en Modo Lectura en Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos de interfaz de usuario espec\u00edficos para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de gestos de interfaz de usuario espec\u00edficos. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1492396",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5856.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5856",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.433",
"lastModified": "2023-11-08T04:15:08.187",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:22:24.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "Use after free en el Panel Lateral de Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos espec\u00edficos en la interfaz de usuario para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1493380",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5857",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.477",
"lastModified": "2023-11-08T04:15:08.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T19:49:02.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La implementaci\u00f3n inadecuada en Descargas en Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto ejecutar potencialmente c\u00f3digo arbitrario a trav\u00e9s de un archivo malicioso. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1493435",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5858.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5858",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.517",
"lastModified": "2023-11-08T04:15:08.270",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T19:50:07.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La implementaci\u00f3n inadecuada en WebApp Provider en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto ofuscar la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1457704",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

105
CVE-2023/CVE-2023-58xx/CVE-2023-5859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5859",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-01T18:15:10.563",
"lastModified": "2023-11-08T04:15:08.310",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T20:05:41.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,114 @@
"value": "La interfaz de usuario de seguridad incorrecta en Imagen sobre Imagen en Google Chrome anterior a 119.0.6045.105 permit\u00eda a un atacante remoto realizar una suplantaci\u00f3n de dominio a trav\u00e9s de una p\u00e1gina HTML local manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "119.0.6045.105",
"matchCriteriaId": "EB02C074-0B9E-4658-BC8D-5F6198D2E3EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1482045",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5546",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-58xx/CVE-2023-5897.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5897",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-01T01:15:07.937",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T20:26:14.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1."
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub pkp/customLocale anterior a 1.2.0-1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sfu:customlocale:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0-1",
"matchCriteriaId": "4EC7A09B-0417-4F3A-9391-45B1C7218486"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pkp/customLocale/commit/407ba30f12f78efe79122591c1d85709c10b6831",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/7c215b8e-63f6-4146-b8e3-8482c731876f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-59xx/CVE-2023-5996.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-5996",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-08T20:15:07.637",
"lastModified": "2023-11-08T20:15:07.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1497859",
"source": "chrome-cve-admin@google.com"
}
]
}

76
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-08T19:00:19.410809+00:00
2023-11-08T21:00:18.929967+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-08T18:49:56.440000+00:00
2023-11-08T21:00:01.197000+00:00
```
### Last Data Feed Release
@ -29,50 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230148
230158
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `10`
* [CVE-2023-46642](CVE-2023/CVE-2023-466xx/CVE-2023-46642.json) (`2023-11-08T17:15:07.780`)
* [CVE-2023-46643](CVE-2023/CVE-2023-466xx/CVE-2023-46643.json) (`2023-11-08T17:15:07.860`)
* [CVE-2023-47379](CVE-2023/CVE-2023-473xx/CVE-2023-47379.json) (`2023-11-08T17:15:07.937`)
* [CVE-2023-5760](CVE-2023/CVE-2023-57xx/CVE-2023-5760.json) (`2023-11-08T17:15:07.993`)
* [CVE-2023-5913](CVE-2023/CVE-2023-59xx/CVE-2023-5913.json) (`2023-11-08T17:15:08.193`)
* [CVE-2023-3282](CVE-2023/CVE-2023-32xx/CVE-2023-3282.json) (`2023-11-08T18:15:07.827`)
* [CVE-2023-47181](CVE-2023/CVE-2023-471xx/CVE-2023-47181.json) (`2023-11-08T19:15:08.057`)
* [CVE-2023-47190](CVE-2023/CVE-2023-471xx/CVE-2023-47190.json) (`2023-11-08T19:15:08.137`)
* [CVE-2023-47223](CVE-2023/CVE-2023-472xx/CVE-2023-47223.json) (`2023-11-08T19:15:08.540`)
* [CVE-2023-47226](CVE-2023/CVE-2023-472xx/CVE-2023-47226.json) (`2023-11-08T19:15:09.023`)
* [CVE-2023-47227](CVE-2023/CVE-2023-472xx/CVE-2023-47227.json) (`2023-11-08T19:15:09.377`)
* [CVE-2023-47228](CVE-2023/CVE-2023-472xx/CVE-2023-47228.json) (`2023-11-08T19:15:09.497`)
* [CVE-2023-47229](CVE-2023/CVE-2023-472xx/CVE-2023-47229.json) (`2023-11-08T19:15:09.563`)
* [CVE-2023-47231](CVE-2023/CVE-2023-472xx/CVE-2023-47231.json) (`2023-11-08T19:15:09.633`)
* [CVE-2023-26221](CVE-2023/CVE-2023-262xx/CVE-2023-26221.json) (`2023-11-08T20:15:07.313`)
* [CVE-2023-5996](CVE-2023/CVE-2023-59xx/CVE-2023-5996.json) (`2023-11-08T20:15:07.637`)
### CVEs modified in the last Commit
Recently modified CVEs: `76`
Recently modified CVEs: `50`
* [CVE-2023-5211](CVE-2023/CVE-2023-52xx/CVE-2023-5211.json) (`2023-11-08T18:34:40.567`)
* [CVE-2023-5229](CVE-2023/CVE-2023-52xx/CVE-2023-5229.json) (`2023-11-08T18:35:10.590`)
* [CVE-2023-5237](CVE-2023/CVE-2023-52xx/CVE-2023-5237.json) (`2023-11-08T18:36:19.067`)
* [CVE-2023-5238](CVE-2023/CVE-2023-52xx/CVE-2023-5238.json) (`2023-11-08T18:37:35.557`)
* [CVE-2023-5243](CVE-2023/CVE-2023-52xx/CVE-2023-5243.json) (`2023-11-08T18:40:41.847`)
* [CVE-2023-46138](CVE-2023/CVE-2023-461xx/CVE-2023-46138.json) (`2023-11-08T18:41:09.540`)
* [CVE-2023-5307](CVE-2023/CVE-2023-53xx/CVE-2023-5307.json) (`2023-11-08T18:41:12.960`)
* [CVE-2023-46485](CVE-2023/CVE-2023-464xx/CVE-2023-46485.json) (`2023-11-08T18:41:18.580`)
* [CVE-2023-5360](CVE-2023/CVE-2023-53xx/CVE-2023-5360.json) (`2023-11-08T18:41:39.053`)
* [CVE-2023-46484](CVE-2023/CVE-2023-464xx/CVE-2023-46484.json) (`2023-11-08T18:41:43.503`)
* [CVE-2023-3676](CVE-2023/CVE-2023-36xx/CVE-2023-3676.json) (`2023-11-08T18:42:03.267`)
* [CVE-2023-5458](CVE-2023/CVE-2023-54xx/CVE-2023-5458.json) (`2023-11-08T18:42:44.630`)
* [CVE-2023-5519](CVE-2023/CVE-2023-55xx/CVE-2023-5519.json) (`2023-11-08T18:43:21.643`)
* [CVE-2023-24410](CVE-2023/CVE-2023-244xx/CVE-2023-24410.json) (`2023-11-08T18:44:01.737`)
* [CVE-2023-43139](CVE-2023/CVE-2023-431xx/CVE-2023-43139.json) (`2023-11-08T18:45:06.463`)
* [CVE-2023-42640](CVE-2023/CVE-2023-426xx/CVE-2023-42640.json) (`2023-11-08T18:45:28.357`)
* [CVE-2023-42634](CVE-2023/CVE-2023-426xx/CVE-2023-42634.json) (`2023-11-08T18:46:03.447`)
* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-11-08T18:46:22.220`)
* [CVE-2023-31212](CVE-2023/CVE-2023-312xx/CVE-2023-31212.json) (`2023-11-08T18:47:36.203`)
* [CVE-2023-33927](CVE-2023/CVE-2023-339xx/CVE-2023-33927.json) (`2023-11-08T18:47:41.490`)
* [CVE-2023-35879](CVE-2023/CVE-2023-358xx/CVE-2023-35879.json) (`2023-11-08T18:47:46.667`)
* [CVE-2023-36508](CVE-2023/CVE-2023-365xx/CVE-2023-36508.json) (`2023-11-08T18:47:51.157`)
* [CVE-2023-37243](CVE-2023/CVE-2023-372xx/CVE-2023-37243.json) (`2023-11-08T18:48:53.687`)
* [CVE-2023-37966](CVE-2023/CVE-2023-379xx/CVE-2023-37966.json) (`2023-11-08T18:49:49.813`)
* [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-11-08T18:49:56.440`)
* [CVE-2023-46931](CVE-2023/CVE-2023-469xx/CVE-2023-46931.json) (`2023-11-08T19:36:49.673`)
* [CVE-2023-5516](CVE-2023/CVE-2023-55xx/CVE-2023-5516.json) (`2023-11-08T19:40:16.980`)
* [CVE-2023-46930](CVE-2023/CVE-2023-469xx/CVE-2023-46930.json) (`2023-11-08T19:41:01.493`)
* [CVE-2023-46911](CVE-2023/CVE-2023-469xx/CVE-2023-46911.json) (`2023-11-08T19:46:29.690`)
* [CVE-2023-4197](CVE-2023/CVE-2023-41xx/CVE-2023-4197.json) (`2023-11-08T19:47:53.387`)
* [CVE-2023-5857](CVE-2023/CVE-2023-58xx/CVE-2023-5857.json) (`2023-11-08T19:49:02.230`)
* [CVE-2023-5858](CVE-2023/CVE-2023-58xx/CVE-2023-5858.json) (`2023-11-08T19:50:07.920`)
* [CVE-2023-4198](CVE-2023/CVE-2023-41xx/CVE-2023-4198.json) (`2023-11-08T19:53:36.713`)
* [CVE-2023-2622](CVE-2023/CVE-2023-26xx/CVE-2023-2622.json) (`2023-11-08T20:02:14.737`)
* [CVE-2023-5859](CVE-2023/CVE-2023-58xx/CVE-2023-5859.json) (`2023-11-08T20:05:41.180`)
* [CVE-2023-43798](CVE-2023/CVE-2023-437xx/CVE-2023-43798.json) (`2023-11-08T20:12:42.660`)
* [CVE-2023-5856](CVE-2023/CVE-2023-58xx/CVE-2023-5856.json) (`2023-11-08T20:22:24.560`)
* [CVE-2023-5855](CVE-2023/CVE-2023-58xx/CVE-2023-5855.json) (`2023-11-08T20:23:09.507`)
* [CVE-2023-2621](CVE-2023/CVE-2023-26xx/CVE-2023-2621.json) (`2023-11-08T20:24:04.207`)
* [CVE-2023-5853](CVE-2023/CVE-2023-58xx/CVE-2023-5853.json) (`2023-11-08T20:24:29.763`)
* [CVE-2023-5854](CVE-2023/CVE-2023-58xx/CVE-2023-5854.json) (`2023-11-08T20:25:00.897`)
* [CVE-2023-5851](CVE-2023/CVE-2023-58xx/CVE-2023-5851.json) (`2023-11-08T20:26:04.193`)
* [CVE-2023-5897](CVE-2023/CVE-2023-58xx/CVE-2023-5897.json) (`2023-11-08T20:26:14.077`)
* [CVE-2023-5852](CVE-2023/CVE-2023-58xx/CVE-2023-5852.json) (`2023-11-08T20:32:39.500`)
* [CVE-2023-1715](CVE-2023/CVE-2023-17xx/CVE-2023-1715.json) (`2023-11-08T20:33:18.587`)
* [CVE-2023-5482](CVE-2023/CVE-2023-54xx/CVE-2023-5482.json) (`2023-11-08T20:35:15.857`)
* [CVE-2023-5480](CVE-2023/CVE-2023-54xx/CVE-2023-5480.json) (`2023-11-08T20:36:31.260`)
* [CVE-2023-5849](CVE-2023/CVE-2023-58xx/CVE-2023-5849.json) (`2023-11-08T20:37:10.247`)
* [CVE-2023-5850](CVE-2023/CVE-2023-58xx/CVE-2023-5850.json) (`2023-11-08T20:40:09.197`)
* [CVE-2023-4393](CVE-2023/CVE-2023-43xx/CVE-2023-4393.json) (`2023-11-08T20:56:59.690`)
## Download and Usage