Auto-Update: 2024-01-10T15:00:24.626809+00:00

cad-safe-bot 2024-01-10 15:00:28 +00:00
parent 1aec2ec89f
commit e247e30272
74 changed files with 2876 additions and 120 deletions

@ -2,12 +2,16 @@
"id": "CVE-2020-26627",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:43.790",
"lastModified": "2024-01-10T09:15:43.790",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL basada en tiempo en Hospital Management System V4.0 que puede permitir a un atacante volcar informaci\u00f3n de la base de datos a trav\u00e9s de un payload manipulado ingresado en el par\u00e1metro 'Observaci\u00f3n del administrador' en la pesta\u00f1a 'Consultas de contacto -> Consulta no le\u00edda'."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2020-26628",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:43.863",
"lastModified": "2024-01-10T09:15:43.863",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile\" page and triggered by another user visiting the profile."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) en Hospital Management System V4.0 que permite a un atacante ejecutar scripts web arbitrarios o c\u00f3digo HTML a trav\u00e9s de un payload malicioso adjuntdo a un nombre de usuario en la p\u00e1gina \"Editar perfil\" y se activa cuando otro usuario visita el perfil."
}
],
"metrics": {},
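
Review bot: the English "value" under "descriptions" opens the page name with a single quote and closes it with an escaped double quote ('Edit Profile\"), and the added Spanish text has "adjuntdo" where "adjuntado" is meant. Both come from the upstream record, so the fix belongs upstream; anything here that extracts quoted field or page names from descriptions should not assume balanced quotes.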

@ -2,12 +2,16 @@
"id": "CVE-2020-26629",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:43.910",
"lastModified": "2024-01-10T09:15:43.910",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de carga arbitraria de archivos sin restricciones de JQuery en Hospital Management System V4.0 que permite a un atacante no autenticado cargar cualquier archivo en el servidor."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2020-26630",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:43.953",
"lastModified": "2024-01-10T09:15:43.953",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL basada en tiempo en Hospital Management System V4.0 que puede permitir a un atacante volcar informaci\u00f3n de la base de datos a trav\u00e9s de un payload especial en el campo \"Especializaci\u00f3n de m\u00e9dicos\" en la pesta\u00f1a \"Ir a m\u00e9dicos\" despu\u00e9s de iniciar sesi\u00f3n como administrador."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2022-46025",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T08:15:37.570",
"lastModified": "2024-01-10T08:15:37.570",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page."
},
{
"lang": "es",
"value": "Totolink N200RE_V5 V9.3.5u.6255_B20211224 es vulnerable a un control de acceso incorrecto. El dispositivo permite a atacantes remotos obtener informaci\u00f3n del sistema Wi-Fi, como el SSID y la contrase\u00f1a de Wi-Fi, sin iniciar sesi\u00f3n en la p\u00e1gina de administraci\u00f3n."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-31446",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T03:15:43.263",
"lastModified": "2024-01-10T03:15:43.263",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup."
},
{
"lang": "es",
"value": "En el firmware XC1000_2.1.1.2303082218 y XC2000_2.1.1.2303090947 de Cassia Gateway, el par\u00e1metro queueUrl en /bypass/config no est\u00e1 sanitizado. Esto lleva a inyectar c\u00f3digo Bash y ejecutarlo con privilegios de root al iniciar el dispositivo."
}
],
"metrics": {},

@ -2,7 +2,7 @@
"id": "CVE-2023-31606",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T17:15:14.843",
"lastModified": "2023-07-07T01:15:08.920",
"lastModified": "2024-01-10T14:15:44.230",
"vulnStatus": "Modified",
"descriptions": [
{
@ -93,6 +93,10 @@
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00002.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202401-14",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-38857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.420",
"lastModified": "2023-08-21T13:48:29.323",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T13:15:45.133",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-13",
"source": "cve@mitre.org"
}
]
}
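
Review bot: the reference added at the end of "references" (https://security.gentoo.org/glsa/202401-13) has no "tags" array, while the entry just before it carries "Exploit" and "Issue Tracking". Consumers should treat "tags" as optional rather than index into it; "vulnStatus" moves from "Analyzed" to "Modified" in the same commit, so the new entry may stay untagged for a while.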

@ -2,8 +2,8 @@
"id": "CVE-2023-38858",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:11.597",
"lastModified": "2023-08-19T00:46:47.003",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T13:15:45.303",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://security.gentoo.org/glsa/202401-13",
"source": "cve@mitre.org"
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-41603",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T08:15:37.740",
"lastModified": "2024-01-10T08:15:37.740",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link R15 anterior a v1.08.02 no conten\u00eda restricciones de firewall para el tr\u00e1fico IPv6. Esto permite a los atacantes acceder arbitrariamente a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a trav\u00e9s de IPv6."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-41781",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-01-10T07:15:49.423",
"lastModified": "2024-01-10T07:15:49.423",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a Cross-site\u00a0scripting (XSS) \u00a0vulnerability in ZTE MF258. Due to insufficient input validation of\u00a0SMS\u00a0interface parameter, an XSS attack will be triggered.\n\n"
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de Cross-Site Scripting (XSS) en ZTE MF258. Debido a una validaci\u00f3n de entrada insuficiente del par\u00e1metro de la interfaz SMS, se desencadenar\u00e1 un ataque XSS."
}
],
"metrics": {
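
Review bot: the English "value" in this record starts with "\n", ends with "\n\n" and uses \u00a0 non-breaking spaces between words ("Cross-site\u00a0scripting", "of\u00a0SMS\u00a0interface"), while the added Spanish text is clean. Normalise whitespace before indexing or keyword matching, otherwise a search for "Cross-site scripting" or "SMS interface" typed with ordinary spaces will miss this entry.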

@ -2,23 +2,86 @@
"id": "CVE-2023-45559",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T15:15:09.670",
"lastModified": "2024-01-03T17:26:57.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:31:19.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en Tamaki_hamanoki Line v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://tamakihamanoki.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45559.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
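
Review bot: the added "cpeMatch" criteria, cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*, names the LINE application itself, while the description places the issue in "Tamaki_hamanoki Line v.13.6.1" and in leakage of a channel access token. Inventory matching on this CPE will flag every LINE 13.6.1 install at the 8.2 base score, so triage should go by the description and the linked third-party report rather than the CPE alone; the "NVD-CWE-noinfo" weakness and the "Broken Link" tag on the vendor URL leave little else in the record to check against.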

@ -2,8 +2,8 @@
"id": "CVE-2023-48242",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:08.237",
"lastModified": "2024-01-10T11:15:08.237",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48243",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:08.777",
"lastModified": "2024-01-10T11:15:08.777",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48244",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:08.990",
"lastModified": "2024-01-10T11:15:08.990",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48245",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:09.190",
"lastModified": "2024-01-10T11:15:09.190",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48246",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:09.410",
"lastModified": "2024-01-10T11:15:09.410",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48247",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:09.647",
"lastModified": "2024-01-10T11:15:09.647",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48248",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:09.867",
"lastModified": "2024-01-10T11:15:09.867",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48249",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:10.090",
"lastModified": "2024-01-10T11:15:10.090",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-48250",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T11:15:10.313",
"lastModified": "2024-01-10T11:15:10.313",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48251",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:45.370",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
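
Review bot: the "descriptions" value never names the affected product ("The vulnerability allows a remote attacker to authenticate to the SSH service ..."), and the new record has no "configurations" block, so the only pointer to what is affected is the BOSCH-SA-711465 URL under "references". Product or keyword matching will not find this entry; resolve the affected devices from the advisory and key any local tracking on the CVE id plus that URL. The same applies to the other psirt@bosch.com records added in this commit.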

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48252",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:45.607",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48253",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:45.803",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.\r\nBy abusing this vulnerability it is possible to exfiltrate other users\u2019 password hashes or update them with arbitrary values and access their accounts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48254",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:45.993",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim\u2019s session via a crafted URL or HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
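
Review bot: "vectorString" is CVSS:3.1/AV:L/... with "attackVector": "LOCAL", but the description speaks of a remote attacker using a crafted URL or HTTP request, and the next record (CVE-2023-48255, also CWE-79) is scored AV:N. Filters that keep only "attackVector": "NETWORK" will drop this entry, so prioritise on the description as well as the vector; this is a "Secondary" score from psirt@bosch.com, and the record carries no "Primary" score.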

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48255",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:46.200",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim\u2019s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48256",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:46.393",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim\u2019s session via a crafted URL or HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-113"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48257",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:46.590",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
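
Review bot: the weakness is given as CWE-1391 (Use of Weak Credentials), yet the description mentions no credentials, only exported backup packages, crafted import packages and RCE with root privileges. The description also allows exploitation by authenticated users via crafted HTTP requests and by unauthenticated users, against a vector of AV:L/PR:N/UI:R; read the 7.8 score together with the advisory before ranking it, and do not classify the entry by CWE alone.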

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48258",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:46.780",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP\r\nrequest through a victim\u2019s session."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
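
Review bot: the description value has a raw "\r\n" in mid-sentence ("HTTP\r\nrequest"), which will break line-oriented exports such as CSV unless the field is normalised or quoted. Also, only the CWE-352 value shows that "through a victim's session" means a forged request; the text itself never says cross-site request forgery, so keyword searches for CSRF need the weakness field too.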

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48259",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:46.990",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48260",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:47.187",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
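
Review bot: the description, "vectorString" and weakness (CWE-89) here are identical to those of CVE-2023-48259 before it and CVE-2023-48261 after it; only "id" and "published" differ. Deduplication or clustering keyed on description text will merge the three, so key on "id" and take what distinguishes them from BOSCH-SA-711465.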

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48261",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:47.383",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48262",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:47.600",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48263",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:47.793",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
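
Review bot: "value": "CWE-122" is the only field besides "id" and "published" that separates this record from CVE-2023-48262, CVE-2023-48264, CVE-2023-48265 and CVE-2023-48266, which share its description and vector but carry CWE-121. Keep the weakness field when summarising these entries, since the text alone does not show that this one is classed as a heap-based rather than a stack-based overflow.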

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48264",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:47.987",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48265",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:48.173",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48266",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-10T13:15:48.360",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"source": "psirt@bosch.com"
}
]
}
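Review bot: the `descriptions` value in this new record names no product, component or protocol, and it is word for word the same as the one in CVE-2023-48265 above, as are the vector string, the 8.1 score and CWE-121. With no `configurations` block either, the shared BOSCH-SA-711465 link is the only thing that ties the two entries to a product or tells them apart, so tooling that matches on description text or CPE will not pick them up. Worth carrying the affected product and the distinguishing detail from the advisory into the description once the source record has them.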

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48864",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T08:15:37.807",
"lastModified": "2024-01-10T08:15:37.807",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SEMCMS v4.8 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro languageID en /web_inc.php."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49394",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.037",
"lastModified": "2024-01-10T09:15:44.037",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly."
},
{
"lang": "es",
"value": "Las versiones 4.1.3 y anteriores de Zentao tienen una vulnerabilidad de redireccionamiento de URL, que impide que el sistema funcione correctamente."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49427",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.090",
"lastModified": "2024-01-10T09:15:44.090",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en Tenda AX12 V22.03.01.46, permite a atacantes remotos causar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s del par\u00e1metro de lista en la funci\u00f3n SetNetControlList."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49471",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.140",
"lastModified": "2024-01-10T09:15:44.140",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidad de Blind Server-Side Request Forgery (SSRF) en Karlomikus Bar Assistant anterior a la versi\u00f3n 3.2.0 no valida un par\u00e1metro antes de realizar una solicitud a trav\u00e9s de Image::make(), lo que podr\u00eda permitir a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49619",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-10T09:15:44.183",
"lastModified": "2024-01-10T09:15:44.183",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.2.0.\n\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\n\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n concurrente utilizando recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta ('condici\u00f3n de ejecuci\u00f3n') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.0. En circunstancias normales, un usuario solo puede marcar una pregunta una vez y solo aumentar\u00e1 la cantidad de preguntas marcadas una vez. Sin embargo, los env\u00edos repetidos a trav\u00e9s del gui\u00f3n pueden aumentar muchas veces el n\u00famero de recopilaci\u00f3n de la pregunta. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.1], que soluciona el problema."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50120",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.290",
"lastModified": "2024-01-10T09:15:44.290",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MP4Box GPAC versi\u00f3n 2.3-DEV-rev636-gfbd7e13aa-master contiene un bucle infinito en la funci\u00f3n av1_uvlc en media_tools/av_parsers.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo MP4 manipulado."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50921",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T09:15:09.067",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:17:23.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,375 @@
"value": "Se descubri\u00f3 un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes pueden invocar la interfaz add_user en el m\u00f3dulo de system para obtener privilegios de root. Esto afecta a A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7 y B1300 4.3.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D462B247-60E8-4044-B413-D145F342F8BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A8D1C9-9EAE-4EDF-A1D4-D45E9EE65585"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7469E6FA-07DB-430D-BAD8-21AF64C55FBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4A042E-2C80-4EF9-93CA-D2756216BB0C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4037EFB4-EA0A-4C89-800A-2990AA8BC185"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C939D70-5353-43B7-AEF9-8F1D784DD4EF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAAD071-0070-48B9-9797-26B1D5CAC962"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE176E8-8CB1-429B-9B3B-E1F58EC0C8F5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E267A0D1-8D9B-43A9-88F0-3CA961403FBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6AF4D2-8BD0-4536-82AA-A9A06441DB59"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D84ECB-35CB-42B0-B925-8B631C235CC2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86FF086A-A9F0-4027-AAE4-0940D451CA8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0480E0BD-DAEE-42E7-A6EB-BC09889CC7B9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "789782AD-CCC9-403C-810A-F634B09EEB5B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2365517B-F8AF-490D-9282-36679EB484D2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC12DFE3-F634-4737-AEF7-82685634F65E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "459CA3AD-7D9A-4E72-8847-9F989232CDCD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2321AEF1-B475-439F-A936-581337CB5181"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49448661-9D95-4218-B2FA-73610AA5523C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "12F39096-F3A6-4240-9CCF-3CEB44A549D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832083-488B-40F2-8D7A-66E917DF67F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D78DCE77-BBC1-4702-89F3-A2064A82ED85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88C600EF-AF68-45F0-B9C0-7ECA0D33179C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
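Review bot: every `cpeMatch` entry added under `configurations` pins one exact firmware build (4.3.7, 4.4.6 or 4.5.0), while the description in the same record says the issue affects GL.iNet devices through 4.5.0 ('hasta 4.5.0'). A scanner that matches on these CPE strings will report a device on an earlier build as unaffected. If the range in the description is right, the firmware entries should use a wildcard version with `versionEndIncluding` per model, which is the form the Wireshark records in this commit use. The primary weakness is also left as NVD-CWE-noinfo although the text describes gaining root through the add_user interface, so CWE-based filters will skip this record.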

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50922",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T08:15:09.607",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T13:52:10.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,376 @@
"value": "Se descubri\u00f3 un problema en dispositivos GL.iNet hasta 4.5.0. Los atacantes que pueden robar la cookie AdminToken pueden ejecutar c\u00f3digo arbitrario cargando un archivo con formato crontab en un directorio espec\u00edfico y esperando su ejecuci\u00f3n. Esto afecta a A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7 y B1300 4.3.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt1300_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D462B247-60E8-4044-B413-D145F342F8BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A8D1C9-9EAE-4EDF-A1D4-D45E9EE65585"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt300n-v2_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7469E6FA-07DB-430D-BAD8-21AF64C55FBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt300n-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4A042E-2C80-4EF9-93CA-D2756216BB0C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar750s_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4037EFB4-EA0A-4C89-800A-2990AA8BC185"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar750s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C939D70-5353-43B7-AEF9-8F1D784DD4EF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar750_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAAD071-0070-48B9-9797-26B1D5CAC962"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE176E8-8CB1-429B-9B3B-E1F58EC0C8F5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E267A0D1-8D9B-43A9-88F0-3CA961403FBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C965DA-2D49-4ED6-B028-3A23164EDC14"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-b1300_firmware:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6AF4D2-8BD0-4536-82AA-A9A06441DB59"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-b1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D84ECB-35CB-42B0-B925-8B631C235CC2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt6000_firmware:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86FF086A-A9F0-4027-AAE4-0940D451CA8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0480E0BD-DAEE-42E7-A6EB-BC09889CC7B9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-a1300_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "789782AD-CCC9-403C-810A-F634B09EEB5B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2365517B-F8AF-490D-9282-36679EB484D2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-ax1800_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC12DFE3-F634-4737-AEF7-82685634F65E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "459CA3AD-7D9A-4E72-8847-9F989232CDCD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2321AEF1-B475-439F-A936-581337CB5181"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49448661-9D95-4218-B2FA-73610AA5523C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt3000_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "12F39096-F3A6-4240-9CCF-3CEB44A549D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832083-488B-40F2-8D7A-66E917DF67F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:gl-mt2500_firmware:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D78DCE77-BBC1-4702-89F3-A2064A82ED85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88C600EF-AF68-45F0-B9C0-7ECA0D33179C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
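Review bot: the tags added to the reference at the end of this hunk mark the `https://github.com/gl-inet/CVE-issues/...` link as 'Third Party Advisory', but the URL sits in the gl-inet organisation, the same vendor name used in every CPE string above it. If that repository is the vendor's own, 'Vendor Advisory' is the consistent tag, as used for the wireshark.org links elsewhere in this commit. The same applies to the reference in CVE-2023-50921.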

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51252",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.340",
"lastModified": "2024-01-10T09:15:44.340",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing."
},
{
"lang": "es",
"value": "PublicCMS 4.0 es vulnerable a Cross Site Scripting (XSS). Debido a que se pueden cargar archivos y se proporciona la funci\u00f3n de vista previa en l\u00ednea, se cargan archivos pdf y archivos html que contienen c\u00f3digo malicioso, y se crea una ventana emergente XSS a trav\u00e9s de la visualizaci\u00f3n en l\u00ednea."
}
],
"metrics": {},

View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51961",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T14:15:44.520",
"lastModified": "2024-01-10T14:15:44.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the function formGetIptv ."
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a",
"source": "cve@mitre.org"
}
]
}
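Review bot: the `value` string in this new record ends 'formGetIptv .' with a stray space before the full stop, which the sibling AX1803 entries (setIptvInfo, getIptvInfo) do not have; trim it at source. The record also has no `weaknesses` array and an empty `metrics` object, so the words 'stack overflow' are the only classification a consumer gets. CWE-121, used for the Bosch entries in this commit, would fit once the source supplies it.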

View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51966",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T14:15:44.583",
"lastModified": "2024-01-10T14:15:44.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the function setIptvInfo."
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd",
"source": "cve@mitre.org"
}
]
}

View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51971",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T13:15:48.547",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the function getIptvInfo."
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36",
"source": "cve@mitre.org"
}
]
}

View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51972",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T13:15:48.593",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp."
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Command-Injection-in-fromAdvSetLanIp-7b2892fac8234cff90ca15af4947a8e7",
"source": "cve@mitre.org"
}
]
}

View File

@ -0,0 +1,75 @@
{
"id": "CVE-2023-5455",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-10T13:15:48.643",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5455",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242828",
"source": "secalert@redhat.com"
},
{
"url": "https://www.freeipa.org/release-notes/4-10-3.html",
"source": "secalert@redhat.com"
},
{
"url": "https://www.freeipa.org/release-notes/4-11-1.html",
"source": "secalert@redhat.com"
},
{
"url": "https://www.freeipa.org/release-notes/4-6-10.html",
"source": "secalert@redhat.com"
},
{
"url": "https://www.freeipa.org/release-notes/4-9-14.html",
"source": "secalert@redhat.com"
}
]
}
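Review bot: the vector in `cvssData` scores `confidentialityImpact` as NONE (C:N/I:H/A:N), yet the description in the same record says the flaw results in 'a loss of confidentiality and system integrity'. One of the two is off: either the vector should carry a confidentiality impact or the description should drop that claim. The record also says 'all supported versions of IPA' and has no `configurations`, so the four freeipa.org release-note links (4-6-10, 4-9-14, 4-10-3, 4-11-1) are the only version information it carries.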

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6980",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.500",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T13:29:13.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.5.1",
"matchCriteriaId": "8FA38489-0282-4D9A-8AFF-1048C1FEE5FA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-sms/wp-sms/commit/0f36e2f521ade8ddfb3e04786defe074370afb50",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
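Review bot: the last reference in this hunk, the wordfence.com/threat-intel/vulnerabilities page, is tagged 'Patch' alongside 'Third Party Advisory'. The two entries above it (the wp-sms GitHub commit and the plugins.trac changeset) are the patch links; the Wordfence page is an advisory. Suggest dropping 'Patch' there so that tooling which follows Patch-tagged URLs to fetch a diff does not land on an advisory page.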

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0209",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:10.793",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:03:18.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndIncluding": "3.6.19",
"matchCriteriaId": "65FBDC60-FF20-4229-ABC0-EE9086383FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.0.11",
"matchCriteriaId": "8B81555C-B047-479C-A5C2-44B5FFEF9332"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F212AE9-0C17-4994-8B70-853E941D27E4"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19501",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-02.html",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0210",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:11.150",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:07:07.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F212AE9-0C17-4994-8B70-853E941D27E4"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19504",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-04.html",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0211",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-03T08:15:11.443",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:11:32.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F212AE9-0C17-4994-8B70-853E941D27E4"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19557",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0310",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-01-10T11:15:10.580",
"lastModified": "2024-01-10T11:15:10.580",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0359",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T02:15:46.637",
"lastModified": "2024-01-10T02:15:46.637",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los proyectos de c\u00f3digo Simple Online Hotel Reservation System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo login.php. La manipulaci\u00f3n del argumento username/password conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-250126 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
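Review bot: the added `es` description translates the vendor name. The `en` value reads "code-projects Simple Online Hotel Reservation System 1.0", and the `es` value renders it as "los proyectos de código Simple Online Hotel Reservation System 1.0". Vendor and product names should pass through untranslated, so anything that matches on product strings should keep reading the `en` entry for this record.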

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0360",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T02:15:46.873",
"lastModified": "2024-01-10T02:15:46.873",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Hospital Management System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo admin/edit-doctor-specialization.php. La manipulaci\u00f3n del argumento doctorspecilization conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250127."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0361",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T03:15:44.330",
"lastModified": "2024-01-10T03:15:44.330",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo admin/contact.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento mobnum conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250128."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0362",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T03:15:44.540",
"lastModified": "2024-01-10T03:15:44.540",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo admin/change-password.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento cpass conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-250129."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0363",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T03:15:44.743",
"lastModified": "2024-01-10T03:15:44.743",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo admin/patient-search.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento searchdata conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-250130 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0364",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T03:15:44.947",
"lastModified": "2024-01-10T03:15:44.947",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo admin/query-details.php. La manipulaci\u00f3n del argumento adminremark conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250131."
}
],
"metrics": {

View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0389",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T14:15:44.663",
"lastModified": "2024-01-10T14:15:44.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250230",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250230",
"source": "cna@vuldb.com"
}
]
}
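Review bot: the description and the score in this new record disagree on severity. The `en` value says "classified as critical", while the only `cvssMetricV31` entry gives `baseScore` 6.3 and `baseSeverity` MEDIUM with `attackVector` ADJACENT_NETWORK. That entry comes from cna@vuldb.com and is typed Secondary, and there is no Primary metric while `vulnStatus` is Received, so triage should key on the structured fields and be repeated when the status changes. The first reference is an untagged drive.google.com share link; handle it as untrusted content rather than as an advisory.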

View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-0395",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-01-10T14:15:44.970",
"lastModified": "2024-01-10T14:15:44.970",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: NON Security Issue."
}
],
"metrics": {},
"references": []
}
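Review bot: this file is added with `vulnStatus` "Rejected", an empty `metrics` object and an empty `references` array, yet the README hunk of the same commit lists CVE-2024-0395 among the recently added CVEs. Consumers that ingest every added file should filter on `vulnStatus`, so that a rejected ID ("Rejected reason: NON Security Issue.") does not open a finding.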

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20710",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:48.843",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20711",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.057",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
}
]
}
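Review bot: the single `cvssMetricV31` entry here has `type` "Secondary", while CVE-2024-20710 and CVE-2024-20712 through CVE-2024-20715 in this commit carry the same psirt@adobe.com vector (`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N`, 5.5 MEDIUM) typed "Primary". A consumer that selects only Primary metrics will find no score for this one CVE; fall back to the Secondary entry when no Primary exists.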

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20712",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.320",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20713",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.510",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20714",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.703",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20715",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.900",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
}
]
}

View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20808",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-01-04T01:15:10.040",
"lastModified": "2024-01-04T01:30:19.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:33:08.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en Nearby device scanning en la versi\u00f3n anterior 11.1.14.7 permite a un atacante local acceder a los datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:nearby_device_scanning:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.14.7",
"matchCriteriaId": "543D4C78-B811-413E-9400-570B594EE3BC"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20809",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-01-04T01:15:10.210",
"lastModified": "2024-01-04T01:30:19.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-10T14:21:37.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en Nearby device scanning en la versi\u00f3n anterior 11.1.14.7 permite a un atacante local acceder a los datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:nearby_device_scanning:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.14.7",
"matchCriteriaId": "543D4C78-B811-413E-9400-570B594EE3BC"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}
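Review bot: the added `weaknesses` entry is the placeholder "NVD-CWE-Other" although the description calls this an improper access control vulnerability, so CWE-based filters will not surface it. The description, the CVSS vector, the `criteria` string and the `matchCriteriaId` (543D4C78-B811-413E-9400-570B594EE3BC) are identical to those of CVE-2024-20808 in this commit, which leaves the vendor advisory in `references` as the only way to tell the two records apart.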

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21643",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-10T05:15:09.050",
"lastModified": "2024-01-10T05:15:09.050",
"vulnStatus": "Received",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher."
},
{
"lang": "es",
"value": "Las extensiones IdentityModel para .NET proporcionan ensamblados para desarrolladores web que deseen utilizar proveedores de identidad federados para establecer la identidad de la persona que llama. Cualquiera que aproveche el protocolo `SignedHttpRequest` o `SignedHttpRequestValidator` es vulnerable. Microsoft.IdentityModel conf\u00eda en el reclamo `jku` de forma predeterminada para el protocolo `SignedHttpRequest`. Esto plantea la posibilidad de realizar cualquier solicitud `HTTP GET` remota o local. La vulnerabilidad se ha solucionado en Microsoft.IdentityModel.Protocols.SignedHttpRequest. Los usuarios deben actualizar todas sus versiones de Microsoft.IdentityModel a 7.1.2 (para 7x) o superior, 6.34.0 (para 6x) o superior."
}
],
"metrics": {

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-10T13:00:24.645286+00:00
2024-01-10T15:00:24.626809+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-10T11:15:10.580000+00:00
2024-01-10T14:33:08.153000+00:00
```
### Last Data Feed Release
@ -29,29 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235396
235425
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `29`
* [CVE-2023-48242](CVE-2023/CVE-2023-482xx/CVE-2023-48242.json) (`2024-01-10T11:15:08.237`)
* [CVE-2023-48243](CVE-2023/CVE-2023-482xx/CVE-2023-48243.json) (`2024-01-10T11:15:08.777`)
* [CVE-2023-48244](CVE-2023/CVE-2023-482xx/CVE-2023-48244.json) (`2024-01-10T11:15:08.990`)
* [CVE-2023-48245](CVE-2023/CVE-2023-482xx/CVE-2023-48245.json) (`2024-01-10T11:15:09.190`)
* [CVE-2023-48246](CVE-2023/CVE-2023-482xx/CVE-2023-48246.json) (`2024-01-10T11:15:09.410`)
* [CVE-2023-48247](CVE-2023/CVE-2023-482xx/CVE-2023-48247.json) (`2024-01-10T11:15:09.647`)
* [CVE-2023-48248](CVE-2023/CVE-2023-482xx/CVE-2023-48248.json) (`2024-01-10T11:15:09.867`)
* [CVE-2023-48249](CVE-2023/CVE-2023-482xx/CVE-2023-48249.json) (`2024-01-10T11:15:10.090`)
* [CVE-2023-48250](CVE-2023/CVE-2023-482xx/CVE-2023-48250.json) (`2024-01-10T11:15:10.313`)
* [CVE-2024-0310](CVE-2024/CVE-2024-03xx/CVE-2024-0310.json) (`2024-01-10T11:15:10.580`)
* [CVE-2023-48260](CVE-2023/CVE-2023-482xx/CVE-2023-48260.json) (`2024-01-10T13:15:47.187`)
* [CVE-2023-48261](CVE-2023/CVE-2023-482xx/CVE-2023-48261.json) (`2024-01-10T13:15:47.383`)
* [CVE-2023-48262](CVE-2023/CVE-2023-482xx/CVE-2023-48262.json) (`2024-01-10T13:15:47.600`)
* [CVE-2023-48263](CVE-2023/CVE-2023-482xx/CVE-2023-48263.json) (`2024-01-10T13:15:47.793`)
* [CVE-2023-48264](CVE-2023/CVE-2023-482xx/CVE-2023-48264.json) (`2024-01-10T13:15:47.987`)
* [CVE-2023-48265](CVE-2023/CVE-2023-482xx/CVE-2023-48265.json) (`2024-01-10T13:15:48.173`)
* [CVE-2023-48266](CVE-2023/CVE-2023-482xx/CVE-2023-48266.json) (`2024-01-10T13:15:48.360`)
* [CVE-2023-51971](CVE-2023/CVE-2023-519xx/CVE-2023-51971.json) (`2024-01-10T13:15:48.547`)
* [CVE-2023-51972](CVE-2023/CVE-2023-519xx/CVE-2023-51972.json) (`2024-01-10T13:15:48.593`)
* [CVE-2023-5455](CVE-2023/CVE-2023-54xx/CVE-2023-5455.json) (`2024-01-10T13:15:48.643`)
* [CVE-2023-48251](CVE-2023/CVE-2023-482xx/CVE-2023-48251.json) (`2024-01-10T13:15:45.370`)
* [CVE-2023-48252](CVE-2023/CVE-2023-482xx/CVE-2023-48252.json) (`2024-01-10T13:15:45.607`)
* [CVE-2023-48253](CVE-2023/CVE-2023-482xx/CVE-2023-48253.json) (`2024-01-10T13:15:45.803`)
* [CVE-2023-48254](CVE-2023/CVE-2023-482xx/CVE-2023-48254.json) (`2024-01-10T13:15:45.993`)
* [CVE-2023-48255](CVE-2023/CVE-2023-482xx/CVE-2023-48255.json) (`2024-01-10T13:15:46.200`)
* [CVE-2023-51961](CVE-2023/CVE-2023-519xx/CVE-2023-51961.json) (`2024-01-10T14:15:44.520`)
* [CVE-2023-51966](CVE-2023/CVE-2023-519xx/CVE-2023-51966.json) (`2024-01-10T14:15:44.583`)
* [CVE-2024-20710](CVE-2024/CVE-2024-207xx/CVE-2024-20710.json) (`2024-01-10T13:15:48.843`)
* [CVE-2024-20711](CVE-2024/CVE-2024-207xx/CVE-2024-20711.json) (`2024-01-10T13:15:49.057`)
* [CVE-2024-20712](CVE-2024/CVE-2024-207xx/CVE-2024-20712.json) (`2024-01-10T13:15:49.320`)
* [CVE-2024-20713](CVE-2024/CVE-2024-207xx/CVE-2024-20713.json) (`2024-01-10T13:15:49.510`)
* [CVE-2024-20714](CVE-2024/CVE-2024-207xx/CVE-2024-20714.json) (`2024-01-10T13:15:49.703`)
* [CVE-2024-20715](CVE-2024/CVE-2024-207xx/CVE-2024-20715.json) (`2024-01-10T13:15:49.900`)
* [CVE-2024-0389](CVE-2024/CVE-2024-03xx/CVE-2024-0389.json) (`2024-01-10T14:15:44.663`)
* [CVE-2024-0395](CVE-2024/CVE-2024-03xx/CVE-2024-0395.json) (`2024-01-10T14:15:44.970`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `44`
* [CVE-2023-48247](CVE-2023/CVE-2023-482xx/CVE-2023-48247.json) (`2024-01-10T13:56:06.947`)
* [CVE-2023-48248](CVE-2023/CVE-2023-482xx/CVE-2023-48248.json) (`2024-01-10T13:56:06.947`)
* [CVE-2023-48249](CVE-2023/CVE-2023-482xx/CVE-2023-48249.json) (`2024-01-10T13:56:06.947`)
* [CVE-2023-48250](CVE-2023/CVE-2023-482xx/CVE-2023-48250.json) (`2024-01-10T13:56:06.947`)
* [CVE-2023-31446](CVE-2023/CVE-2023-314xx/CVE-2023-31446.json) (`2024-01-10T13:56:12.537`)
* [CVE-2023-41781](CVE-2023/CVE-2023-417xx/CVE-2023-41781.json) (`2024-01-10T13:56:12.537`)
* [CVE-2023-41603](CVE-2023/CVE-2023-416xx/CVE-2023-41603.json) (`2024-01-10T13:56:12.537`)
* [CVE-2023-48864](CVE-2023/CVE-2023-488xx/CVE-2023-48864.json) (`2024-01-10T13:56:12.537`)
* [CVE-2023-49394](CVE-2023/CVE-2023-493xx/CVE-2023-49394.json) (`2024-01-10T13:56:12.537`)
* [CVE-2023-31606](CVE-2023/CVE-2023-316xx/CVE-2023-31606.json) (`2024-01-10T14:15:44.230`)
* [CVE-2023-50921](CVE-2023/CVE-2023-509xx/CVE-2023-50921.json) (`2024-01-10T14:17:23.097`)
* [CVE-2023-45559](CVE-2023/CVE-2023-455xx/CVE-2023-45559.json) (`2024-01-10T14:31:19.180`)
* [CVE-2024-0310](CVE-2024/CVE-2024-03xx/CVE-2024-0310.json) (`2024-01-10T13:56:06.947`)
* [CVE-2024-0359](CVE-2024/CVE-2024-03xx/CVE-2024-0359.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-0360](CVE-2024/CVE-2024-03xx/CVE-2024-0360.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-0361](CVE-2024/CVE-2024-03xx/CVE-2024-0361.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-0362](CVE-2024/CVE-2024-03xx/CVE-2024-0362.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-0363](CVE-2024/CVE-2024-03xx/CVE-2024-0363.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-0364](CVE-2024/CVE-2024-03xx/CVE-2024-0364.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-21643](CVE-2024/CVE-2024-216xx/CVE-2024-21643.json) (`2024-01-10T13:56:12.537`)
* [CVE-2024-0209](CVE-2024/CVE-2024-02xx/CVE-2024-0209.json) (`2024-01-10T14:03:18.133`)
* [CVE-2024-0210](CVE-2024/CVE-2024-02xx/CVE-2024-0210.json) (`2024-01-10T14:07:07.967`)
* [CVE-2024-0211](CVE-2024/CVE-2024-02xx/CVE-2024-0211.json) (`2024-01-10T14:11:32.643`)
* [CVE-2024-20809](CVE-2024/CVE-2024-208xx/CVE-2024-20809.json) (`2024-01-10T14:21:37.030`)
* [CVE-2024-20808](CVE-2024/CVE-2024-208xx/CVE-2024-20808.json) (`2024-01-10T14:33:08.153`)
## Download and Usage
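Review bot: the counts and the lists under them do not match. "Recently added CVEs: `29`" is followed by a new list of 25 entries (CVE-2023-48260 through CVE-2024-0395), and "Recently modified CVEs: `44`" is also followed by 25 entries, while the total moves from 235396 to 235425, which agrees with 29. If the lists are capped at 25, the README should say so next to the counts, because a reader who takes the list as the full change set will miss entries.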