Auto-Update: 2023-10-31T13:00:19.128492+00:00

cad-safe-bot 2023-10-31 13:00:23 +00:00
parent 944b50280a
commit e1c952b25b
75 changed files with 1228 additions and 153 deletions


@ -2,12 +2,16 @@
"id": "CVE-2015-0897",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-31T10:15:08.450",
"lastModified": "2023-10-31T10:15:08.450",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker."
},
{
"lang": "es",
"value": "LINE para Android versi\u00f3n 5.0.2 y anteriores y LINE para iOS versi\u00f3n 5.0.0 y anteriores son vulnerables a ataques MITM (man-in-the-middle) ya que la aplicaci\u00f3n permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un script inyectado por un atacante MITM (man-in-the-middle)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2015-20110",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T03:15:07.613",
"lastModified": "2023-10-31T03:15:07.613",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters."
},
{
"lang": "es",
"value": "JHipster generador-jhipster anterior a 2.23.0 permite un ataque de tiempo contra validarToken debido a una comparaci\u00f3n de cadenas que se detiene en el primer car\u00e1cter que es diferente. Los atacantes pueden adivinar fichas forzando bruscamente un personaje a la vez y observando el tiempo. Por supuesto, esto reduce dr\u00e1sticamente el espacio de b\u00fasqueda a una cantidad lineal de conjeturas basadas en la longitud del token multiplicada por los caracteres posibles."
}
],
"metrics": {},
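Review bot: The added `es` description translates identifiers that should stay verbatim: the package `generator-jhipster` becomes `generador-jhipster` and the function `validateToken` becomes `validarToken`, so a search for the affected component in the Spanish text finds nothing. "tokens" and "character" are also rendered as `fichas` and `personaje`, which obscures the timing-attack description. I would keep the names exactly as in the `en` value, e.g. `JHipster generator-jhipster anterior a 2.23.0 permite un ataque de tiempo contra validateToken`. The same kind of defect appears in the CVE-2023-45670 and CVE-2023-45671 sections, where the product name Frigate is rendered once as `Fragata`.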


@ -2,12 +2,16 @@
"id": "CVE-2015-2968",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-31T10:15:08.567",
"lastModified": "2023-10-31T10:15:08.567",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker."
},
{
"lang": "es",
"value": "LINE@ para Android versi\u00f3n 1.0.0 y LINE@ para iOS versi\u00f3n 1.0.0 son vulnerables al ataque MITM (man-in-the-middle) ya que la aplicaci\u00f3n permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un script inyectado por un atacante MITM (man-in-the-middle)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2020-36767",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T19:15:07.767",
"lastModified": "2023-10-30T19:15:07.767",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data."
},
{
"lang": "es",
"value": "tinyfiledialogs (tambi\u00e9n conocido como di\u00e1logos de archivos peque\u00f1os) anteriores a 3.8.0 permite metacaracteres de shell en t\u00edtulos, mensajes y otros datos de entrada."
}
],
"metrics": {},


@ -0,0 +1,55 @@
{
"id": "CVE-2022-3007",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2023-10-31T12:15:08.597",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0333",
"source": "vdisclose@cert-in.org.in"
}
]
}
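Review bot: The tag opening the `en` description is spelled `** UNSUPPPORTED WHEN ASSIGNED **` (three Ps), so a consumer that recognises end-of-support records by matching the usual `** UNSUPPORTED WHEN ASSIGNED **` prefix will presumably not flag this one. If the mirror is allowed to normalise upstream text, correct the spelling; if it must stay byte-identical to the feed, downstream matching should tolerate the variant. The value also ends with a trailing `\n`, which is worth trimming before display.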


@ -2,12 +2,16 @@
"id": "CVE-2022-39172",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T22:15:09.677",
"lastModified": "2023-10-30T22:15:09.677",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via name field of a process."
},
{
"lang": "es",
"value": "Un XSS almacenado en la descripci\u00f3n general del proceso (bersicht zugewiesener Vorgaenge) en mbsupport openVIVA c2 20220101 permite a un atacante remoto, autenticado y con pocos privilegios ejecutar c\u00f3digo arbitrario en el navegador de la v\u00edctima a trav\u00e9s del campo de nombre de un proceso."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-1356",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2023-10-25T18:17:22.873",
"lastModified": "2023-10-25T20:32:16.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-31T12:48:27.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "vdp@themissinglink.com.au",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "vdp@themissinglink.com.au",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.053",
"matchCriteriaId": "DB54802E-0128-49AA-90B1-945564743E86"
}
]
}
]
}
],
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356",
"source": "vdp@themissinglink.com.au"
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27152",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-23T21:15:08.703",
"lastModified": "2023-10-24T12:45:02.747",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-31T12:43:39.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "DECISO OPNsense 23.1 no impone l\u00edmites de velocidad para la autenticaci\u00f3n, lo que permite a los atacantes realizar un ataque de fuerza bruta para eludir la autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opnsense:opnsense:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23DC96C9-1D8E-420F-967B-BA8060372EB5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esecforte.com/cve-2023-27152-opnsense-brute-force/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-27846",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.057",
"lastModified": "2023-10-31T04:15:11.057",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL encontrada en PrestaShop themevolty v.4.0.8 y anteriores, permite a un atacante remoto obtener privilegios a trav\u00e9s de los componentes tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-31794",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T01:15:07.497",
"lastModified": "2023-10-31T01:15:07.497",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MuPDF v1.21.1 contiene una recursividad infinita en el componente pdf_mark_list_push. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PDF manipulado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-36263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T05:15:58.220",
"lastModified": "2023-10-31T05:15:58.220",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
},
{
"lang": "es",
"value": "Prestashop opartlimitquantity 1.4.5 y anteriores es vulnerable a la inyecci\u00f3n SQL. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {


@ -0,0 +1,51 @@
{
"id": "CVE-2023-38994",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T12:15:08.683",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324",
"source": "cve@mitre.org"
},
{
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0",
"source": "cve@mitre.org"
},
{
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-40681",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.710",
"lastModified": "2023-10-31T10:15:08.710",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <=\u00a02.7.11.10 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Groundhogg Inc. Groundhogg en versiones &lt;= 2.7.11.10."
}
],
"metrics": {
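Review bot: The added `es` value carries an HTML entity, `versiones &lt;= 2.7.11.10`, while the `en` value holds the plain `<=` character. A JSON string should hold the raw text and leave escaping to whatever renders it; as written, an escaping renderer shows the literal `&lt;=`, and a consumer that decodes entities to work around that is treating feed text as markup. I would store `en versiones <= 2.7.11.10.` and correct `Coss-Site Scripting` to `Cross-Site Scripting` in the same value. The record's `metrics` object continues outside the hunk.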


@ -2,12 +2,16 @@
"id": "CVE-2023-41891",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:07.883",
"lastModified": "2023-10-30T19:15:07.883",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue."
},
{
"lang": "es",
"value": "FlyteAdmin es el plano de control de Flyte responsable de gestionar entidades y administrar ejecuciones de flujo de trabajo. Antes de la versi\u00f3n 1.1.124, los endpoints de lista en FlyteAdmin ten\u00edan una vulnerabilidad SQL donde un usuario malintencionado pod\u00eda enviar una solicitud REST con declaraciones SQL personalizadas como filtros de lista. El atacante debe tener acceso a la instalaci\u00f3n de FlyteAdmin, normalmente mediante una VPN o mediante autenticaci\u00f3n. La versi\u00f3n 1.1.124 contiene un parche para este problema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-42323",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T22:15:10.320",
"lastModified": "2023-10-30T22:15:10.320",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en DouHaocms v.3.3 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo adminAction.class.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-42803",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:07.963",
"lastModified": "2023-10-30T19:15:07.963",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds."
},
{
"lang": "es",
"value": "BigBlueButton es un aula virtual de c\u00f3digo abierto. BigBlueButton anterior a la versi\u00f3n 2.6.0-beta.2 es vulnerable a la carga de archivos sin restricciones, donde la llamada a la API insertDocument no valida la extensi\u00f3n de archivo dada antes de guardar el archivo y no la elimina en caso de fallas de validaci\u00f3n. BigBlueButton 2.6.0-beta.2 contiene un parche. No se conocen workarounds."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-42804",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.037",
"lastModified": "2023-10-30T19:15:08.037",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds."
},
{
"lang": "es",
"value": "BigBlueButton es un aula virtual de c\u00f3digo abierto. BigBlueButton anterior a la versi\u00f3n 2.6.0-beta.1 tiene una vulnerabilidad de path traversal que permite a un atacante con una ruta de carpeta de inicio v\u00e1lida atravesar y leer otros archivos sin autenticaci\u00f3n, asumiendo que los archivos tienen ciertas extensiones (txt, swf, svg, png). En la versi\u00f3n 2.6.0-beta.1, se agreg\u00f3 validaci\u00f3n de entrada en los par\u00e1metros que se pasan y se eliminan los caracteres peligrosos. No se conocen workarounds."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43139",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T05:15:58.353",
"lastModified": "2023-10-31T05:15:58.353",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components."
},
{
"lang": "es",
"value": "Un problema en franfinance anterior a v.2.0.27 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes validation.php y controllers/front/validation.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43647",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.110",
"lastModified": "2023-10-30T19:15:08.110",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue."
},
{
"lang": "es",
"value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 4.8.0, hab\u00eda una vulnerabilidad de Cross-Site Scripting (XSS) en la funci\u00f3n de carga de archivos de baserCMS. La versi\u00f3n 4.8.0 contiene un parche para este problema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43648",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.183",
"lastModified": "2023-10-30T19:15:08.183",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue."
},
{
"lang": "es",
"value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 4.8.0, hab\u00eda una vulnerabilidad de Directory Traversal en la funci\u00f3n de administraci\u00f3n de datos de env\u00edo de formularios de baserCMS. La versi\u00f3n 4.8.0 contiene un parche para este problema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43649",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T19:15:08.257",
"lastModified": "2023-10-30T19:15:08.257",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue."
},
{
"lang": "es",
"value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 4.8.0, hab\u00eda una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funci\u00f3n de vista previa de contenido de baserCMS. La versi\u00f3n 4.8.0 contiene un parche para este problema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43792",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T21:15:07.500",
"lastModified": "2023-10-30T21:15:07.500",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available."
},
{
"lang": "es",
"value": "baserCMS es un framework de desarrollo de sitios web. En las versiones 4.6.0 a 4.7.6, existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en el formulario de correo de baserCMS. Al momento de la publicaci\u00f3n, no hay versiones parcheadas disponibles."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43797",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.317",
"lastModified": "2023-10-30T23:15:08.317",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds."
},
{
"lang": "es",
"value": "BigBlueButton es un aula virtual de c\u00f3digo abierto. Antes de las versiones 2.6.11 y 2.7.0-beta.3, Guest Lobby era vulnerable a cross-site scripting cuando los usuarios esperaban para ingresar a la reuni\u00f3n debido a la inserci\u00f3n de mensajes no sanitizados en el elemento mediante un HTML interno no seguro. Se agreg\u00f3 sanitizaci\u00f3n de texto para los mensajes del lobby a partir de las versiones 2.6.11 y 2.7.0-beta.3. No se conocen workarounds."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43798",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.397",
"lastModified": "2023-10-30T23:15:08.397",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton."
},
{
"lang": "es",
"value": "BigBlueButton es un aula virtual de c\u00f3digo abierto. BigBlueButton anterior a las versiones 2.6.12 y 2.7.0-rc.1 es vulnerable a Server-Side Request Forgery (SSRF). Este problema es una omisi\u00f3n de CVE-2023-33176. Un parche en las versiones 2.6.12 y 2.7.0-rc.1 deshabilit\u00f3 el redireccionamiento de seguimiento en `httpclient.execute` ya que el software ya no tiene que seguirlo cuando usa `finalUrl`. No se conocen workarounds. Recomendamos actualizar a una versi\u00f3n parcheada de BigBlueButton."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44397",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.467",
"lastModified": "2023-10-30T23:15:08.467",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue."
},
{
"lang": "es",
"value": "CloudExplorer Lite es una plataforma de gesti\u00f3n de la nube ligera y de c\u00f3digo abierto. Antes de la versi\u00f3n 1.4.1, el filtro de puerta de enlace de CloudExplorer Lite utiliza un controlador con una ruta que comienza con `matching/API/`, lo que puede provocar una omisi\u00f3n de permisos. La versi\u00f3n 1.4.1 contiene un parche para este problema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-45378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.207",
"lastModified": "2023-10-31T04:15:11.207",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"PrestaBlog\" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"PrestaBlog\" (prestablog) versi\u00f3n 4.4.7 y anteriores de HDclic para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL. El script ajax slider_positions.php tiene una llamada SQL sensible que puede ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-45670",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.543",
"lastModified": "2023-10-30T23:15:08.543",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via \"drive-by\" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch."
},
{
"lang": "es",
"value": "Frigate es una grabadora de v\u00eddeo en red de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.0 Beta 3, los endpoints `config/save` y `config/set` de Frigate no implementan ninguna protecci\u00f3n CSRF. Esto hace posible que una solicitud procedente de otro sitio actualice la configuraci\u00f3n del servidor Frigate (por ejemplo, mediante un ataque \"drive-by\"). Explotar esta vulnerabilidad requiere que el atacante conozca informaci\u00f3n muy espec\u00edfica sobre el servidor Frigate de un usuario y requiere que se enga\u00f1e a un usuario autenticado para que haga clic en un enlace especialmente manipulado a su instancia de Frigate. Esta vulnerabilidad podr\u00eda ser aprovechada por un atacante en las siguientes circunstancias: Fragata expuesta p\u00fablicamente a Internet (incluso con autenticaci\u00f3n); el atacante conoce la direcci\u00f3n de la instancia de Frigate de un usuario; el atacante crea una p\u00e1gina especializada que enlaza con la instancia de Frigate del usuario; El atacante encuentra una manera de lograr que un usuario autenticado visite su p\u00e1gina especializada y haga clic en el bot\u00f3n/enlace. Este problema puede provocar actualizaciones de configuraci\u00f3n arbitrarias para el servidor Frigate, lo que resulta en denegaci\u00f3n de servicio y posible filtraci\u00f3n de datos. La versi\u00f3n 0.13.0 Beta 3 contiene un parche."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-45671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.620",
"lastModified": "2023-10-30T23:15:08.620",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue."
},
{
"lang": "es",
"value": "Frigate es una grabadora de v\u00eddeo en red de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.0 Beta 3, hab\u00eda una vulnerabilidad de cross-site scripting reflejada en cualquier endpoint de API que dependiera de la ruta base `/`, ya que los valores proporcionados para la ruta no est\u00e1n sanitizados. Explotar esta vulnerabilidad requiere que el atacante conozca informaci\u00f3n muy espec\u00edfica sobre el servidor Frigate de un usuario y requiere que se enga\u00f1e a un usuario autenticado para que haga clic en un enlace especialmente manipulado a su instancia de Frigate. Esta vulnerabilidad podr\u00eda ser aprovechada por un atacante en las siguientes circunstancias: Fragata expuesta p\u00fablicamente a Internet (incluso con autenticaci\u00f3n); el atacante conoce la direcci\u00f3n de la instancia de Frigate de un usuario; el atacante crea una p\u00e1gina especializada que enlaza con la instancia de Frigate del usuario; El atacante encuentra una manera de lograr que un usuario autenticado visite su p\u00e1gina especializada y haga clic en el bot\u00f3n/enlace. Como los valores reflejados incluidos en la URL no se sanitiza ni se escapan, esto permite la ejecuci\u00f3n de payloads de Javascript arbitrarios. La versi\u00f3n 0.13.0 Beta 3 contiene un parche para este problema."
}
],
"metrics": {
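Review bot: The added `es` description has lost the path placeholder: the `en` value names endpoints reliant on the `/<camera_name>` base path, but the Spanish text says only "la ruta base `/`", which misstates the affected surface as everything under the root. The angle-bracket token was presumably stripped as if it were an HTML tag somewhere in the translation pipeline. I would restore it so the phrase reads `que dependiera de la ruta base /<camera_name>`, and check other translated values for dropped `<...>` tokens. The record's `metrics` object continues outside the hunk.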


@ -2,12 +2,16 @@
"id": "CVE-2023-45672",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.697",
"lastModified": "2023-10-30T23:15:08.697",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch."
},
{
"lang": "es",
"value": "Frigate es una grabadora de v\u00eddeo en red de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.0 Beta 3, se identific\u00f3 una vulnerabilidad de deserializaci\u00f3n insegura en los endpoints utilizados para guardar configuraciones para Frigate. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado. Esto se puede realizar a trav\u00e9s de la interfaz de usuario en `/config` o mediante una llamada directa a `/api/config/save`. Explotar esta vulnerabilidad requiere que el atacante conozca informaci\u00f3n muy espec\u00edfica sobre el servidor Frigate de un usuario y requiere que se enga\u00f1e a un usuario autenticado para que haga clic en un enlace especialmente manipulado a su instancia de Frigate. Esta vulnerabilidad podr\u00eda ser aprovechada por un atacante en las siguientes circunstancias: Fragata expuesta p\u00fablicamente a Internet (incluso con autenticaci\u00f3n); el atacante conoce la direcci\u00f3n de la instancia de Frigate de un usuario; el atacante crea una p\u00e1gina especializada que enlaza con la instancia de Frigate del usuario; El atacante encuentra una manera de lograr que un usuario autenticado visite su p\u00e1gina especializada y haga clic en el bot\u00f3n/enlace. La entrada se acepta inicialmente a trav\u00e9s de `http.py`. Luego, la entrada proporcionada por el usuario se analiza y carga mediante `load_config_with_no_duplicates`. Sin embargo, `load_config_with_no_duplicates` no sanitiza esta entrada por el m\u00e9rito de usar `yaml.loader.Loader`, que puede crear instancias de constructores personalizados. Un payload proporcionado se ejecutar\u00e1 directamente en `frigate/util/builtin.py:110`. Este problema puede provocar una ejecuci\u00f3n remota de c\u00f3digo previamente autenticada. La versi\u00f3n 0.13.0 Beta 3 contiene un parche."
}
],
"metrics": {
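Review bot: The added `es` description renders the English "pre-authenticated Remote Code Execution" as `ejecuci\u00f3n remota de c\u00f3digo previamente autenticada`, which reads as "previously authenticated" and inverts the stated precondition; `ejecuci\u00f3n remota de c\u00f3digo previa a la autenticaci\u00f3n` keeps the meaning. The same value turns the product name into "Fragata" in one place, and other sections on this page translate identifiers a defender would search for: `componentes.php` for `components.php` in CVE-2023-46040 and `miempresa.com` for `mycompany.com` in CVE-2023-46138. Consumers that match on product, file or domain names should key on the `en` value, and whatever produces the `es` text should leave backticked and code-like tokens verbatim.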


@ -2,12 +2,16 @@
"id": "CVE-2023-45899",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T02:15:07.957",
"lastModified": "2023-10-31T02:15:07.957",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call."
},
{
"lang": "es",
"value": "Un problema en el componente SuperUserSetuserModuleFrontController:init() de idnovate superuser anterior a v2.4.2 permite a los atacantes omitir la autenticaci\u00f3n mediante una llamada HTTP manipulada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-45956",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T22:15:10.843",
"lastModified": "2023-10-30T22:15:10.843",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands."
},
{
"lang": "es",
"value": "Un problema descubierto en Govee LED Strip v3.00.42 permite a los atacantes provocar una denegaci\u00f3n de servicio mediante comandos Move y MoveWithOnoff manipulados."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-45996",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T06:15:07.883",
"lastModified": "2023-10-31T06:15:07.883",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Senayan Library Management Systems Slims v.9 y Bulian v.9.6.1 permite a un atacante remoto obtener informaci\u00f3n confidencial y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el par\u00e1metro reborrowLimit en member_type.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46040",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T02:15:08.007",
"lastModified": "2023-10-31T02:15:08.007",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para la funci\u00f3n componentes.php."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-46127",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-23T15:15:09.313",
"lastModified": "2023-10-23T16:07:50.927",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-31T12:17:17.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.49.0",
"matchCriteriaId": "94A420A9-14D7-4416-96EC-AF18CD78BF09"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/frappe/frappe/pull/22339",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-46129",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:09.933",
"lastModified": "2023-10-31T00:15:09.933",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. \nFIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep."
},
{
"lang": "es",
"value": "NATS.io es una tecnolog\u00eda de comunicaci\u00f3n distribuida pub-sub de c\u00f3digo abierto de alto rendimiento, creada para la nube, local, IoT y computaci\u00f3n de borde. La librer\u00eda de manejo de claves criptogr\u00e1ficas, nkeys, recientemente obtuvo soporte para cifrado, no solo para firma/autenticaci\u00f3n. Esto se utiliza en nats-server 2.10 (septiembre de 2023) y versiones posteriores para llamadas de autenticaci\u00f3n. En las versiones 0.4.0 a 0.4.5 de nkeys, correspondientes a las versiones 2.10.0 a 2.10.3 del servidor NATS, la l\u00f3gica de manejo de cifrado `xkeys` de la librer\u00eda nkeys pas\u00f3 por error una matriz por valor a una funci\u00f3n interna, donde la funci\u00f3n mut\u00f3 ese b\u00fafer. para completar la clave de cifrado que se utilizar\u00e1. Como resultado, todo el cifrado se realiz\u00f3 en realidad con una clave de todos ceros. Esto afecta \u00fanicamente al cifrado, no a la firma. SOLUCI\u00d3N: COMPLETE EL IMPACTO EN LA SEGURIDAD DE LA LLAMADA DE AUTENCI\u00d3N DEL SERVIDOR NATS. La librer\u00eda nkeys Go 0.4.6, correspondiente a NATS Server 2.10.4, tiene un parche para este problema. No hay workarounds conocidos disponibles. Para cualquier aplicaci\u00f3n que maneje llamadas de autenticaci\u00f3n en Go, si usa la librer\u00eda nkeys, actualice la dependencia, vuelva a compilarla e implementarla al mismo tiempo."
}
],
"metrics": {
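Review bot: The `en` value still carries the upstream placeholder `FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY`, so the record states no impact for auth callouts, and the added `es` value renders it as `SOLUCI\u00d3N: COMPLETE EL IMPACTO ...`, which reads like remediation advice rather than an unfinished field. A check at import time that flags descriptions containing `FIXME` or `TODO` would keep such records from being triaged as complete. The facts the record does state are that `xkeys` encryption in nkeys 0.4.0 through 0.4.5 used an all-zeros key and that nkeys 0.4.6 / NATS Server 2.10.4 carries the patch.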


@ -2,12 +2,16 @@
"id": "CVE-2023-46138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:10.023",
"lastModified": "2023-10-31T00:15:10.023",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually."
},
{
"lang": "es",
"value": "JumpServer es un sistema de auditor\u00eda de seguridad de mantenimiento y host basti\u00f3n de c\u00f3digo abierto que cumple con las especificaciones 4A. Antes de la versi\u00f3n 3.8.0, el correo electr\u00f3nico predeterminado para el administrador del usuario inicial era `admin[@]mycompany[.]com` y los usuarios restablec\u00edan sus contrase\u00f1as enviando un correo electr\u00f3nico. Actualmente, el dominio `miempresa.com` no ha sido registrado. Sin embargo, si se registra en el futuro, puede afectar la funcionalidad de restablecimiento de contrase\u00f1a. Este problema se solucion\u00f3 en la versi\u00f3n 3.8.0 cambiando el dominio de correo electr\u00f3nico predeterminado a \"example.com\". Aquellos que no puedan actualizar pueden cambiar el dominio de correo electr\u00f3nico predeterminado a `example.com` manualmente."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-46139",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:10.107",
"lastModified": "2023-10-31T00:15:10.107",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps."
},
{
"lang": "es",
"value": "KernelSU es una soluci\u00f3n ra\u00edz basada en Kernel para Android. A partir de la versi\u00f3n 0.6.1 y anteriores a la versi\u00f3n 0.7.0, si un dispositivo instalado con KernelSU est\u00e1 infectado con un malware cuyo bloque de firma de aplicaci\u00f3n est\u00e1 especialmente construido, puede asumir los privilegios de root en el dispositivo. La l\u00f3gica de verificaci\u00f3n vulnerable en realidad obtiene la firma del \u00faltimo bloque con una identificaci\u00f3n de `0x7109871a`, mientras que la l\u00f3gica de verificaci\u00f3n durante la instalaci\u00f3n de Android es obtener la primera. Adem\u00e1s de la actualizaci\u00f3n de la firma real que se ha solucionado (KSU pens\u00f3 que era V2 pero en realidad era V3), tambi\u00e9n existe el problema de la degradaci\u00f3n de la firma real (KSU pens\u00f3 que era V2 pero en realidad era V1). Encuentre una condici\u00f3n en la l\u00f3gica de verificaci\u00f3n de firma que causar\u00e1 un error de no encontrar la firma, y KernelSU no implementa las mismas condiciones, por lo que KSU cree que hay una firma V2, pero la verificaci\u00f3n de firma APK en realidad usa la firma V1. Este problema se solucion\u00f3 en la versi\u00f3n 0.7.0. Como workarounds, mantenga instalado el administrador KernelSU y evite instalar aplicaciones desconocidas."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-46210",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T08:15:07.803",
"lastModified": "2023-10-31T08:15:07.803",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <=\u00a01.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento WebCource WC Captcha en versiones &lt;= 1.4."
}
],
"metrics": {
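Review bot: The added `es` value contains the HTML entity `&lt;=` where the `en` value has a literal `<=`, and it spells the weakness class "Coss-Site Scripting". The same `&lt;=` appears in the added `es` values of CVE-2023-46312, CVE-2023-46313 and CVE-2023-46622. A consumer that escapes on output will display `&amp;lt;=`, and one that decodes entities before rendering is treating feed text as markup, so the string should be stored as `<=` and escaped only at render time. Version-range parsing should rely on the `en` value or on `configurations` once analysis adds them, not on the translated text.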


@ -2,12 +2,16 @@
"id": "CVE-2023-46312",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.793",
"lastModified": "2023-10-31T10:15:08.793",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <=\u00a01.5.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Zaytech Smart Online Order for Clover en versiones &lt;= 1.5.4."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-46313",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.867",
"lastModified": "2023-10-31T10:15:08.867",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <=\u00a07.3.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Katie Seaborn Zotpress en versiones &lt;= 7.3.4."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-46356",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.257",
"lastModified": "2023-10-31T04:15:11.257",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"CSV Feeds PRO\" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"CSV Feeds PRO\" (csvfeeds) anterior a 2.6.1 de Bl Modules para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo `SearchApiCsv::getProducts()` tiene una llamada SQL sensible que puede ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46361",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T06:15:08.900",
"lastModified": "2023-10-31T06:15:08.900",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Artifex Software jbig2dec v0.20 contiene una vulnerabilidad SEGV a trav\u00e9s de jbig2_error en /jbig2dec/jbig2.c."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46451",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T07:15:11.020",
"lastModified": "2023-10-31T07:15:11.020",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field."
},
{
"lang": "es",
"value": "Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.820",
"lastModified": "2023-10-30T23:15:08.820",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter."
},
{
"lang": "es",
"value": "Un problema en minCal v.1.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro customer_data."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.857",
"lastModified": "2023-10-30T23:15:08.857",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request."
},
{
"lang": "es",
"value": "Un problema en OpenCRX v.5.2.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46622",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.940",
"lastModified": "2023-10-31T10:15:08.940",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza \u2013 A Restaurant Plugin plugin <=\u00a03.18.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento ollybach WPPizza de A Restaurant Plugin en versiones &lt;= 3.18.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47104",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T19:15:08.343",
"lastModified": "2023-10-30T19:15:08.343",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters."
},
{
"lang": "es",
"value": "tinyfiledialogs (tambi\u00e9n conocido como di\u00e1logos de archivos peque\u00f1os) anteriores a 3.15.0 permite metacaracteres de shell (como comillas invertidas o un signo de d\u00f3lar) en t\u00edtulos, mensajes y otros datos de entrada. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2020-36767, que solo consideraba comillas simples y dobles."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47174",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.313",
"lastModified": "2023-10-31T04:15:11.313",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution."
},
{
"lang": "es",
"value": "Thorn SFTP gateway 3.4.x anterior a 3.4.4 utiliza Pivotal Spring Framework para la deserializaci\u00f3n de datos no confiables en Java, que no es compatible con Pivotal, un problema relacionado con CVE-2016-1000027. Adem\u00e1s, dentro del contexto espec\u00edfico de Thorn SFTP gateway, esto conduce a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5073",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T12:15:08.753",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/iframe-forms/trunk/iframe-forms.php#L29",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/818de7f7-913a-4ade-927e-bba281b4709a?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5099",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T12:15:08.827",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2985200/hk-filter-and-search",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee2b4055-8cbd-49b7-bb0b-eddef85060fc?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5114",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T12:15:08.897",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/idbbee/trunk/idbbee.php#L34",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac763936-7147-4100-8a46-4c6d2f2224b4?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5246",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-10-23T13:15:09.087",
"lastModified": "2023-10-25T18:17:43.160",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-31T11:58:05.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@sick.de",
"type": "Secondary",
@ -38,18 +58,393 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8B658A-49DD-4F7C-9A20-191C8F6F3D8F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61689FA0-FB90-4E9F-B500-AADCF8D827BE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAC00EB-BB15-4A65-A58D-B3015F7CFF85"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "896EDB87-DB8E-4D82-83EB-65403F23FEB7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1809BCF9-541E-4348-87A3-4CB37D680704"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-get00000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04537E8-8C53-4CB7-BEB8-C2CDB15FEC3D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-get00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A0E589-9A9F-4ABF-A1D0-53DE376D6E07"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-get00010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBC09BA-A57C-4CAA-B6B7-6FC7922E3862"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-get00010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E01C2381-4CC3-49C7-A4FE-9A37754C2AA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E87CA0E-7749-4F1E-B30B-78183ACF3170"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D96296E7-65D3-4C0A-8126-4AA8BEF85B39"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "925AD219-B3D3-42B6-99E6-E97298AE0A4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97742720-A8E3-49FE-BE43-EFF720F3D52D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gmod00030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "949735C8-09BE-453C-B83A-8BF80BD370B6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gmod00030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F18250E-A899-4210-A0D3-087438EFCEA3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30BF991A-B66F-48B3-8902-D50C3B38A30D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3BF752-4F49-4E90-9790-1913ED64D8B3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00770E9A-64BC-4440-A921-49ECD5C5986D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gpnt00010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60B6F37A-78EE-4D1F-ACAE-FDE864F847B8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9447F86A-5967-4C97-AF69-369EF2BD2052"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CABEFF4-C0A4-4054-8174-7B3762BC0C3F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gepr00000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B08EEEB3-7310-4382-9C30-B1F6CBC69582"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gepr00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41E76E7E-9840-4E37-A554-D0DE70E178E0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gepr00010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56AF0E16-E0E7-4B5D-ABE3-02E27B4F9AC6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gepr00010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D5EB09-6970-4CD7-BE09-D563E73B55F0"
}
]
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json",
"source": "psirt@sick.de"
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf",
"source": "psirt@sick.de"
"source": "psirt@sick.de",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5349",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-30T21:15:07.643",
"lastModified": "2023-10-30T21:15:07.643",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:47.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de p\u00e9rdida de memoria en Ruby-Magick, una interfaz entre Ruby e ImageMagick. Este problema puede provocar una denegaci\u00f3n de servicio (DOS) por agotamiento de la memoria."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-5412",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.407",
"lastModified": "2023-10-31T09:15:08.407",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5428",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.497",
"lastModified": "2023-10-31T09:15:08.497",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5429",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.570",
"lastModified": "2023-10-31T09:15:08.570",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5430",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.637",
"lastModified": "2023-10-31T09:15:08.637",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5431",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.707",
"lastModified": "2023-10-31T09:15:08.707",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5433",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.780",
"lastModified": "2023-10-31T09:15:08.780",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5434",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.857",
"lastModified": "2023-10-31T09:15:08.857",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5435",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:08.930",
"lastModified": "2023-10-31T09:15:08.930",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5436",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:09.003",
"lastModified": "2023-10-31T09:15:09.003",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5437",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:09.077",
"lastModified": "2023-10-31T09:15:09.077",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5438",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:09.147",
"lastModified": "2023-10-31T09:15:09.147",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5439",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:09.217",
"lastModified": "2023-10-31T09:15:09.217",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5464",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-31T09:15:09.290",
"lastModified": "2023-10-31T09:15:09.290",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-5861",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.630",
"lastModified": "2023-10-31T01:15:07.630",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenado en el repositorio de GitHub microweber/microweber anterior a 2.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5862",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.697",
"lastModified": "2023-10-31T01:15:07.697",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository hamza417/inure prior to Build95."
},
{
"lang": "es",
"value": "Falta autorizaci\u00f3n en el repositorio de GitHub hamza417/inure antes de Build95."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5863",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.757",
"lastModified": "2023-10-31T01:15:07.757",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): reflejado en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5864",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.817",
"lastModified": "2023-10-31T01:15:07.817",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.2.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5865",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.880",
"lastModified": "2023-10-31T01:15:07.880",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
},
{
"lang": "es",
"value": "Caducidad de sesi\u00f3n insuficiente en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5866",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.947",
"lastModified": "2023-10-31T01:15:07.947",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1."
},
{
"lang": "es",
"value": "Cookie confidencial en sesi\u00f3n HTTPS sin atributo \"seguro\" en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.2.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5867",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:08.020",
"lastModified": "2023-10-31T01:15:08.020",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.2.2."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-5873",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T09:15:09.363",
"lastModified": "2023-10-31T09:15:09.363",
"vulnStatus": "Received",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-31T11:35:57.336304+00:00
2023-10-31T13:00:19.128492+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-31T11:15:08.773000+00:00
2023-10-31T12:58:47.860000+00:00
```
### Last Data Feed Release
@ -29,20 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229338
229343
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `5`
* [CVE-2022-3007](CVE-2022/CVE-2022-30xx/CVE-2022-3007.json) (`2023-10-31T12:15:08.597`)
* [CVE-2023-38994](CVE-2023/CVE-2023-389xx/CVE-2023-38994.json) (`2023-10-31T12:15:08.683`)
* [CVE-2023-5073](CVE-2023/CVE-2023-50xx/CVE-2023-5073.json) (`2023-10-31T12:15:08.753`)
* [CVE-2023-5099](CVE-2023/CVE-2023-50xx/CVE-2023-5099.json) (`2023-10-31T12:15:08.827`)
* [CVE-2023-5114](CVE-2023/CVE-2023-51xx/CVE-2023-5114.json) (`2023-10-31T12:15:08.897`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `69`
* [CVE-2023-45160](CVE-2023/CVE-2023-451xx/CVE-2023-45160.json) (`2023-10-31T11:15:08.773`)
* [CVE-2023-43798](CVE-2023/CVE-2023-437xx/CVE-2023-43798.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-44397](CVE-2023/CVE-2023-443xx/CVE-2023-44397.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-45670](CVE-2023/CVE-2023-456xx/CVE-2023-45670.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-45671](CVE-2023/CVE-2023-456xx/CVE-2023-45671.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-46478](CVE-2023/CVE-2023-464xx/CVE-2023-46478.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-46129](CVE-2023/CVE-2023-461xx/CVE-2023-46129.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-46138](CVE-2023/CVE-2023-461xx/CVE-2023-46138.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-46139](CVE-2023/CVE-2023-461xx/CVE-2023-46139.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-31794](CVE-2023/CVE-2023-317xx/CVE-2023-31794.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-5861](CVE-2023/CVE-2023-58xx/CVE-2023-5861.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-5862](CVE-2023/CVE-2023-58xx/CVE-2023-5862.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-5863](CVE-2023/CVE-2023-58xx/CVE-2023-5863.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-5864](CVE-2023/CVE-2023-58xx/CVE-2023-5864.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-5865](CVE-2023/CVE-2023-58xx/CVE-2023-5865.json) (`2023-10-31T12:58:37.550`)
* [CVE-2023-41891](CVE-2023/CVE-2023-418xx/CVE-2023-41891.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-42803](CVE-2023/CVE-2023-428xx/CVE-2023-42803.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-42804](CVE-2023/CVE-2023-428xx/CVE-2023-42804.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-43647](CVE-2023/CVE-2023-436xx/CVE-2023-43647.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-43648](CVE-2023/CVE-2023-436xx/CVE-2023-43648.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-43649](CVE-2023/CVE-2023-436xx/CVE-2023-43649.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-47104](CVE-2023/CVE-2023-471xx/CVE-2023-47104.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-43792](CVE-2023/CVE-2023-437xx/CVE-2023-43792.json) (`2023-10-31T12:58:47.860`)
* [CVE-2023-5349](CVE-2023/CVE-2023-53xx/CVE-2023-5349.json) (`2023-10-31T12:58:47.860`)
## Download and Usage