diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json index ff47303dfc8..7c258205367 100644 --- a/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42536.json @@ -2,8 +2,8 @@ "id": "CVE-2022-42536", "sourceIdentifier": "security@android.com", "published": "2023-11-29T22:15:07.110", - "lastModified": "2023-11-30T13:39:19.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:56:14.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Ejecuci\u00f3n remota de c\u00f3digo" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json index b39f626598d..f92db5a2513 100644 
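Review bot: The `cpeMatch` entry added under `configurations` in the second hunk names the whole Android OS with `-` in the version field (`cpe:2.3:o:google:android:-:*:*:*:*:*:*:*`) and no `versionStart*`/`versionEnd*` bound, while the record's only reference is the Chromecast bulletin for 2023-07-01. A consumer that matches inventory on this CPE gets no affected or fixed version from the record, and depending on how its matcher treats `-` the entry matches either no versioned Android asset or all of them. The new primary weakness is `NVD-CWE-noinfo` and the description visible in the hunk is a single phrase, so the 9.8 `cvssMetricV31` score is best read as a worst-case rating; triage should scope by the bulletin's patch level rather than by this CPE. The same additions appear in the hunks for CVE-2022-42537 through CVE-2022-42541 (CVE-2022-42539 is scored 7.5 instead).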
--- a/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42537.json @@ -2,8 +2,8 @@ "id": "CVE-2022-42537", "sourceIdentifier": "security@android.com", "published": "2023-11-29T22:15:07.173", - "lastModified": "2023-11-30T13:39:19.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:56:07.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Ejecuci\u00f3n remota de c\u00f3digo" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json index 9af54a52126..65eda237e9f 100644 --- a/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42538.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-42538", "sourceIdentifier": "security@android.com", "published": "2023-11-29T22:15:07.220", - "lastModified": "2023-11-30T13:39:19.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:55:59.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Elevaci\u00f3n de privilegios" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json index 28f51b9f0a2..2d59ff81592 100644 --- a/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42539.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-42539", "sourceIdentifier": "security@android.com", "published": "2023-11-29T22:15:07.267", - "lastModified": "2023-11-30T13:39:19.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:55:52.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Divulgaci\u00f3n de informaci\u00f3n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json index 71b017cd81f..ffe966d0800 100644 --- a/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42540.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-42540", "sourceIdentifier": "security@android.com", "published": "2023-11-29T22:15:07.317", - "lastModified": "2023-11-30T13:39:19.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:55:42.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Elevaci\u00f3n de privilegios" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json b/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json index 368a13f21f2..a1d99f95fcf 100644 --- a/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json +++ b/CVE-2022/CVE-2022-425xx/CVE-2022-42541.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-42541", "sourceIdentifier": "security@android.com", "published": "2023-11-29T22:15:07.363", - "lastModified": "2023-11-30T13:39:19.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:55:33.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "Ejecuci\u00f3n remota de c\u00f3digo" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33333.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33333.json index 1ad58a4f743..8b07a1b35e5 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33333.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33333.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33333", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T14:15:08.323", - "lastModified": "2023-11-30T14:48:40.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:59:20.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium permite Cross-Site Scripting (XSS). Este problema afecta a Complianz: desde n/a hasta 6.4.4; Complianz Premium: desde n/a hasta 6.4.6.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,14 +70,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:really-simple-plugins:complianz:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.4.6", + "matchCriteriaId": "07CB090D-90D9-4822-BBEA-D8108F6E38E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:really-simple-plugins:complianz:*:*:*:*:premium:wordpress:*:*", + "versionEndExcluding": "6.4.7", + "matchCriteriaId": "FA45E269-AA1E-41EE-ACF8-64C053EA2BBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-6-1-csrf-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/complianz-gdpr/wordpress-complianz-plugin-6-4-4-csrf-lead-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json index 2f4044de7a6..7940528b07d 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3741.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3741", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2023-11-30T01:15:07.187", - "lastModified": "2023-11-30T13:39:13.380", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T01:52:00.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
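Review bot: The version bounds in the `cpeMatch` entries added for CVE-2023-33333 do not line up with the ranges in the record's own description, which says Complianz is affected through 6.4.4 and Complianz Premium through 6.4.6.1, while the entries use `"versionEndExcluding": "6.4.6"` and `"versionEndExcluding": "6.4.7"`. If a release exists between those points (6.4.5 of the free plugin, for example), a scanner working from the CPE range will report it as vulnerable although the description does not. The wider bound may simply reflect the first fixed release, which the hunk does not show. It is worth confirming against the two Patchstack advisories in `references` before using either bound as a patch target.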
@@ -14,8 +14,41 @@ "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en NEC Platforms DT900 and DT900S Series, todas las versiones, permite a un atacante ejecutar cualquier comando en el dispositivo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary", 
@@ -27,10 +60,609 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-6dgs-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D34FA4D-DBF4-4A41-9E11-74B2BB3E1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-6dgs-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2F866A1-FE6B-4C03-8738-1201C2E6848F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32lcgs-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69FECFD5-0ACB-41B0-9AD8-1EA6EB0D1205" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32lcgs-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "559BCF01-8716-4F42-8FA2-95DB68744E91" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32tcgs-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1F6B893-3360-42B3-8779-B4F166BEBADC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32tcgs-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "977F829C-51E0-4408-86EB-4A5F4F2AF02B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-6d-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC34950E-33C6-4CDF-94F9-CB6D7F7D3953" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:nec:itk-6d-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5D81DD6F-5026-4F53-BEA7-F66249EAFC55" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-12d-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15FA9B5C-BF54-46BA-97CA-42D4A071B0C8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-12d-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7DCF0DF4-594A-46C5-A3DC-BB38856D6A52" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-8lcx-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37E9D966-2B63-4DFF-BA57-0B1A0556BCC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-8lcx-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083510DD-C5B1-44B1-9CB7-D5A42FBAAC9A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-8tcgx-1\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C3AE0212-F703-40AE-A20F-5987DFE88363" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-8tcgx-1\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E484F75-1CEB-43EE-B56A-8449562F1D96" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-6dgs-1a\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10375D05-E64E-4BF9-8A2C-46AE94B13A1A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + 
{ + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-6dgs-1a\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D73BE74-0868-462E-B8C7-4A1540EDF103" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32lcgs-1a\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BFADF7DF-3198-4249-BF53-7CAF692E033F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32lcgs-1a\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE7538E9-EA61-4494-9958-475097C1A655" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32tcgs-1a\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAF30F9E-0CAE-4E3D-94D0-5131D419E7A5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32tcgs-1a\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0F18ADDA-F8E7-4502-8413-89335DAD271A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-6dgs-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F5F0F713-C37A-422B-BD01-99E91F35CA2F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-6dgs-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BCE2B688-B9DA-405C-B4CC-0A8CC3CB0BB6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32lcgs-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CC8ABE27-1577-4D4E-90C4-D7EDB7EBFC6A" + } + ] + }, + 
{ + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32lcgs-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75A896BD-D903-455B-B188-B8CDBE8AAFFC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32tcgs-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E699313-5667-4261-B744-930B9E1B8593" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32tcgs-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D173DF06-51BA-49A2-A708-BD3050BA52D2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-6d-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B103B15-D567-484E-BA7C-56B7461213D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-6d-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3018EA32-2B4A-46ED-9573-FF40233B1F65" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-12d-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D18351C0-30C7-44A3-B958-45398A2B6494" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-12d-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EDE89E1E-EEF5-46C4-8E09-11C212481BFD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-6dg-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"9D7A06E0-238E-421E-AA0C-A6213F20250E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-6dg-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "749CF6D9-E0BC-40E0-960F-A8BE63F9C644" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-12dg-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9EBC02EF-7A5E-4145-AB39-765A0C65F37C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-12dg-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A94570B8-1E9E-4D95-8CE0-7D03A9C90BDD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-8lcx-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34A49F73-9178-4F55-9CF8-043CA50F82C5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-8lcx-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8C0DD87-4B3B-45CF-BBFF-37287E9B3813" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-8lcg-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EE144BC-8DCC-4036-ABD7-B68F306839B5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-8lcg-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9DD939D2-E4CF-4EC9-971A-55A240A59BCA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:nec:itk-32lcg-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D077F3E8-87E3-4613-A980-9111B88B48B0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32lcg-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4DF0D11E-592C-4514-9F41-56C96C57E7F7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-8tcgx-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "31A24B52-4C28-4ABC-AAAA-1FC0CAE732DF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-8tcgx-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D39AA9A-FA93-4445-A7B1-F956FE7079CC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nec:itk-32tcg-1p\\(bk\\)tel_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "632954BD-9AE3-446B-A4CB-99495700867F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nec:itk-32tcg-1p\\(bk\\)tel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1447B2-28E9-400B-86AF-10606CEC3543" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://jpn.nec.com/security-info/secinfo/nv23-011_en.html", - "source": "psirt-info@cyber.jp.nec.com" + "source": "psirt-info@cyber.jp.nec.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40458.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40458.json index e0b4390e710..f3b7276eadf 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40458.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40458.json 
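Review bot: The only reference URL in the `references` part of this hunk has a doubled scheme, `https://https://jpn.nec.com/security-info/secinfo/nv23-011_en.html`, and the change tags it `Broken Link` rather than correcting it, so CVE-2023-3741 is left without a working advisory link. Dropping the duplicated prefix presumably gives the intended address, `"url": "https://jpn.nec.com/security-info/secinfo/nv23-011_en.html"`, which should be checked before it is relied on. Tooling that fetches reference URLs automatically should validate the parsed host first, since a generic URL parser is likely to read this string with `https` as the host name. The firmware and hardware CPE pairs added above it all carry `-` in the version field, consistent with the description's "todas las versiones", so no fixed version can be derived from this record.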
@@ -2,8 +2,8 @@ "id": "CVE-2023-40458", "sourceIdentifier": "security@sierrawireless.com", "published": "2023-11-29T23:15:20.367", - "lastModified": "2023-12-04T23:15:24.800", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-05T01:55:09.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@sierrawireless.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + }, { "source": "security@sierrawireless.com", "type": "Secondary", 
@@ -50,10 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.9.8", + "matchCriteriaId": "79B70B8B-C6C1-428C-88A5-5E85AE32C187" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10.0", + "versionEndIncluding": "4.16.2", + "matchCriteriaId": "BB0B824A-C2A5-4637-B779-397D96FCE3B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs", - "source": "security@sierrawireless.com" + "source": "security@sierrawireless.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json index 7c7e5636aa1..8b0a2d780fa 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47272", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-06T00:15:09.380", - "lastModified": "2023-12-04T13:15:07.500", + "lastModified": "2023-12-05T01:15:07.110", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -118,6 +118,10 @@ "Release Notes" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00005.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GILSR762MJB3BNJOVOCMW2JXEPV46IIQ/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48282.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48282.json index 2a7b18e0e36..de32594cb1e 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48282.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48282.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-48282", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-30T13:15:08.503", - "lastModified": "2023-11-30T13:38:42.753", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-05T01:59:29.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el filtro Andrea Landonio Taxonomy permite la Cross Site Request Forgery. Este problema afecta al filtro Taxonomy: desde n/a hasta 2.2.9." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:andrealandonio:taxonomy_filter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.9", + "matchCriteriaId": "63E3862A-7B68-4DE2-A673-9C8B8B249B15" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/taxonomy-filter/wordpress-taxonomy-filter-plugin-2-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48283.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48283.json index b5765e86da4..841104eddee 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48283.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48283.json 
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48283",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:08.713",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:00.967",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en PressTigers Simple Testimonials Showcase permite Cross Site Request Forgery. Este problema afecta a Simple Testimonials Showcase: desde n/a hasta 1.1.5."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:presstigers:simple_testimonials_showcase:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.5",
+ "matchCriteriaId": "4264D259-DA4D-4B7B-8436-A6F923A00518"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/simple-testimonials-showcase/wordpress-simple-testimonials-showcase-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48284.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48284.json
index 0ac5725e747..c6defe133ff 100644
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48284.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48284.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48284",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:08.933",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:11.640",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator \u2013 WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator \u2013 WooCommerce Email Customizer: from n/a through 1.2.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WebToffee Decorator \u2013 WooCommerce Email Customizer permite Cross Site Request Forgery. Este problema afecta a Decorator \u2013 WooCommerce Email Customizer: desde n/a hasta 1.2.7."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webtoffee:decorator:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.7",
+ "matchCriteriaId": "406844A1-6369-4E92-BA88-27A62F2F64C9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/decorator-woocommerce-email-customizer/wordpress-decorator-woocommerce-email-customizer-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json
new file mode 100644
index 00000000000..ef33e4150d4
--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-48315",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:07.230",
+ "lastModified": "2023-12-05T01:15:07.230",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/netxduo/security/advisories/GHSA-rj6h-jjg2-7gf3",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json
new file mode 100644
index 00000000000..25906d9ed33
--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json
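Review bot: No `configurations` block accompanies the new CVE-2023-48315 record, and its only CVSS entry is the CNA's `"type": "Secondary"` one, so the affected range exists only as prose in the description ("RTOS v6.2.1 and below", fixed in NetX Duo 6.3.0). Tooling that matches on CPE criteria will not flag NetX Duo from this record until analysis adds them, as this commit does for the records it moves to `"vulnStatus": "Analyzed"`. The same holds for the other `"vulnStatus": "Received"` records added in this commit, CVE-2023-48316 and CVE-2023-48691 through CVE-2023-48698.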
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-48316",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:07.503",
+ "lastModified": "2023-12-05T01:15:07.503",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48323.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48323.json
index 6b54edc7985..75ffcfd01ed 100644
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48323.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48323.json
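Review bot: The `weaknesses` entry of CVE-2023-48316 is marked `"type": "Secondary"`, while the sibling records from the same source in this commit (CVE-2023-48315, for example) mark theirs `"type": "Primary"`. A consumer that selects the CWE by the Primary type finds no weakness for this record even though CWE-787 and CWE-825 are present. CWE lookups should fall back to the Secondary entry when no Primary one exists.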
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48323",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:09.123",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:16.967",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support \u2013 WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin permite Cross Site Request Forgery. Este problema afecta a Awesome Support \u2013 WordPress HelpDesk & Support Plugin: desde n/a hasta 6.1.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.1.4",
+ "matchCriteriaId": "E6C4A909-BB30-4D21-9CA4-566600A172D3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-wordpress-helpdesk-support-plugin-plugin-6-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48330.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48330.json
index 6c5cf4a5e22..1ab896fac03 100644
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48330.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48330.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48330",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:09.310",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:23.417",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mike Strand Bulk Comment Remove permite Cross Site Request Forgery. Este problema afecta a Bulk Comment Remove: de n/a a 2."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:supremo:bulk_comment_remove:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0",
+ "matchCriteriaId": "7F7F07DA-0919-4E29-96E5-D675C092A7EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/bulk-comment-remove/wordpress-bulk-comment-remove-plugin-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48331.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48331.json
index 982218c9104..18d8b5171ff 100644
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48331.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48331.json
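Review bot: The CPE vendor token added for CVE-2023-48330, `cpe:2.3:a:supremo:bulk_comment_remove:...`, does not appear anywhere in the description, which attributes the plugin to Mike Strand (first hunk of this file). The bound is also written `"versionEndIncluding": "2.0"` where the description says "through 2". Inventory matching by author name or by exact version string may therefore miss this record. Matching on the plugin slug `bulk-comment-remove` from the reference URL and comparing versions numerically looks more reliable.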
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48331",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:09.500",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:32.513",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Stormhill Media MyBookTable Bookstore de Stormhill Media permite Cross Site Request Forgery. Este problema afecta a MyBookTable Bookstore de Stormhill Media: desde n/a hasta 3.3.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stormhillmedia:mybook_table_bookstore:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.3.4",
+ "matchCriteriaId": "69DA258B-FC99-4A76-99B1-7A90BF745901"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/mybooktable/wordpress-mybooktable-bookstore-by-stormhill-media-plugin-3-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48334.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48334.json
index 492f6cdc66a..11d30c94d5b 100644
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48334.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48334.json
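Review bot: The range added for CVE-2023-48331, `"versionEndIncluding": "3.3.4"`, agrees with the description ("through 3.3.4", first hunk of this file), but the advisory URL in the same hunk carries the slug `...plugin-3-3-3-cross-site-request-forgery...`. One of the two upper bounds is presumably stale. Because scanners decide on `versionEndIncluding`, the last affected release should be confirmed against the Patchstack advisory before relying on this range.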
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48334",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:09.693",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:37.353",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en DAEXT League Table permite Cross Site Request Forgery. Este problema afecta a League Table: desde n/a hasta 1.13."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:daext:league_table:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.13",
+ "matchCriteriaId": "8D7EAC59-7EBD-4BA1-B688-C20A3B6C3333"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/league-table-lite/wordpress-league-table-plugin-1-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json
new file mode 100644
index 00000000000..f7de40d21d7
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48691",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:07.747",
+ "lastModified": "2023-12-05T01:15:07.747",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/netxduo/security/advisories/GHSA-fwmg-rj6g-w99p",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json
new file mode 100644
index 00000000000..7c4cd303d78
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-48692",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:07.957",
+ "lastModified": "2023-12-05T01:15:07.957",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/netxduo/security/advisories/GHSA-m2rx-243p-9w64",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json
new file mode 100644
index 00000000000..4de2a7bcfde
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48693",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:08.167",
+ "lastModified": "2023-12-05T01:15:08.167",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/threadx/security/advisories/GHSA-p7w6-62rq-vrf9",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
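Review bot: The English description `value` of CVE-2023-48693 opens with a stray space (`" Azure RTOS ThreadX is an advanced…"`), unlike the sibling records added in this commit. Consumers that deduplicate, hash or exact-match description text should trim it on ingest. The field would read `"value": "Azure RTOS ThreadX is an advanced…"` with the rest of the string unchanged.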
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json
new file mode 100644
index 00000000000..c9281bd6532
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-48694",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:08.393",
+ "lastModified": "2023-12-05T01:15:08.393",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-843"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-qjw8-7w86-44qj",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json
new file mode 100644
index 00000000000..eee6c43ed6a
--- /dev/null
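Review bot: The description of CVE-2023-48694 says "remote code execution", but the vector on the same record is `"attackVector": "PHYSICAL"` (`AV:P`, base score 6.8). Triage that keys on the description text will rank it alongside the network-reachable NetX Duo records in this commit, which is not what the CNA scored. Prioritisation and alert routing should read `cvssData.attackVector` rather than the prose. The same mismatch applies to the other USBX records added here, CVE-2023-48695 through CVE-2023-48698, all of which are scored `AV:P`.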
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48695",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:08.640",
+ "lastModified": "2023-12-05T01:15:08.640",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json
new file mode 100644
index 00000000000..aafe322362d
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-48696",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:08.877",
+ "lastModified": "2023-12-05T01:15:08.877",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.4,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-h733-98hq-f884",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json
new file mode 100644
index 00000000000..1551eaa03e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-48697",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:09.120",
+ "lastModified": "2023-12-05T01:15:09.120",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-p2p9-wp2q-wjv4",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json
new file mode 100644
index 00000000000..e7a9d9554a0
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-48698",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-12-05T01:15:09.353",
+ "lastModified": "2023-12-05T01:15:09.353",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-825"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-grhp-f66q-x857",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48744.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48744.json
index 74e1c32c2fb..a3727921c6a 100644
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48744.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48744.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48744",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:09.893",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T02:00:43.043",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Offshore Web Master Availability Calendar permite Cross Site Request Forgery. Este problema afecta a Availability Calendar: desde n/a hasta 1.2.6."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:offshorewebmaster:availability_calendar:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.6",
+ "matchCriteriaId": "A1BF5656-0A17-41EA-95E9-6A97EC4B5C05"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/availability-calendar/wordpress-availability-calendar-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json
index 65679483bcc..ac67c5395b7 100644
--- a/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49082.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-49082",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-29T20:15:08.180",
- "lastModified": "2023-11-29T20:53:05.993",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T01:51:49.997",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0."
+ },
+ {
+ "lang": "es",
+ "value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Una validaci\u00f3n inadecuada hace posible que un atacante modifique la solicitud HTTP (por ejemplo, inserte un nuevo encabezado) o incluso cree una nueva solicitud HTTP si el atacante controla el m\u00e9todo HTTP. La vulnerabilidad ocurre s\u00f3lo si el atacante puede controlar el m\u00e9todo HTTP (GET, POST, etc.) de la solicitud. Si el atacante puede controlar la versi\u00f3n HTTP de la solicitud, podr\u00e1 modificar la solicitud (contrabando de solicitudes). Este problema se solucion\u00f3 en la versi\u00f3n 3.9.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,14 +74,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.9.0",
+ "matchCriteriaId": "B601D31B-56AB-4C39-8CC0-12CFA373E53A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json
index 5d32996df81..ee58f854a7a 100644
--- a/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49083.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-49083",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-29T19:15:07.967",
- "lastModified": "2023-11-29T21:15:07.823",
+ "lastModified": "2023-12-05T02:15:06.827",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6."
+ },
+ {
+ "lang": "es",
+ "value": "cryptography es un paquete dise\u00f1ado para exponer recetas y primitivas criptogr\u00e1ficas a los desarrolladores de Python. Llamar a `load_pem_pkcs7_certificates` o `load_der_pkcs7_certificates` podr\u00eda provocar una desreferencia de puntero NULL y un error de segmentaci\u00f3n. La explotaci\u00f3n de esta vulnerabilidad plantea un grave riesgo de Denegaci\u00f3n de Servicio (DoS) para cualquier aplicaci\u00f3n que intente deserializar un blob/certificado PKCS7. Las consecuencias se extienden a posibles interrupciones en la disponibilidad y estabilidad del sistema. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 41.0.6."
 }
 ],
 "metrics": {
@@ -17,20 +21,20 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
 "attackVector": "NETWORK",
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "NONE",
- "integrityImpact": "HIGH",
+ "integrityImpact": "NONE",
 "availabilityImpact": "HIGH",
- "baseScore": 9.1,
- "baseSeverity": "CRITICAL"
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
 },
- "exploitabilityScore": 3.9,
- "impactScore": 5.2
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
 }
 ]
 },
@@ -47,10 +51,6 @@
 }
 ],
 "references": [
- {
- "url": "http://www.openwall.com/lists/oss-security/2023/11/29/2",
- "source": "security-advisories@github.com"
- },
 {
 "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a",
 "source": "security-advisories@github.com"
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49103.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49103.json
index 7e06f651652..03f2d2e204a 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49103.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49103.json
@@ -1,8 +1,8 @@
 {
 "id": "CVE-2023-49103",
- "sourceIdentifier": "secure@microsoft.com",
+ "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-21T22:15:08.277",
- "lastModified": "2023-12-05T00:15:08.323",
+ "lastModified": "2023-12-05T01:15:09.570",
 "vulnStatus": "Modified",
 "cisaExploitAdd": "2023-11-30",
 "cisaActionDue": "2023-12-21",
@@ -20,29 +20,9 @@
 ],
 "metrics": {
 "cvssMetricV31": [
- {
- "source": "secure@microsoft.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "CHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 10.0,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 6.0
- },
 {
 "source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@@ -59,6 +39,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
 }
 ]
 },
@@ -99,11 +99,11 @@
 "references": [
 {
 "url": "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
- "source": "secure@microsoft.com"
+ "source": "cve@mitre.org"
 },
 {
 "url": "https://owncloud.org/security",
- "source": "secure@microsoft.com"
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49693.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49693.json
index b81224b11bb..e36ce199913 100644
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49693.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49693.json
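Review bot: The `cvssMetricV31` array for CVE-2023-49103 changes both order and roles in these hunks: the `nvd@nist.gov` entry becomes `"type": "Primary"` and now sits first, while the 10.0 CRITICAL entry moves to the end as `"Secondary"` under `cve@mitre.org`. The record also carries `cisaExploitAdd`, so a consumer that reads index 0 or only the Primary entry will now report the lower NVD vector (`C:H/I:N/A:N`) for a CVE that is flagged as exploited. A line in the README usage notes would help downstream tooling, for example `Select CVSS entries by "source" and "type"; array order is not stable between syncs.` The NVD entry's `baseScore` line lies between the hunks and is not visible here.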
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49693",
 "sourceIdentifier": "vulnreport@tenable.com",
 "published": "2023-11-29T23:15:20.567",
- "lastModified": "2023-11-30T13:39:19.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T01:54:46.047",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "vulnreport@tenable.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
 {
 "source": "vulnreport@tenable.com",
 "type": "Secondary",
@@ -50,14 +80,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.7.0.34",
+ "matchCriteriaId": "910077CB-66F7-44DC-8FD8-0CE742C16AA4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://kb.netgear.com/000065886/Security-Advisory-for-Sensitive-Information-Disclosure-on-the-NMS300-PSV-2023-0126",
- "source": "vulnreport@tenable.com"
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.tenable.com/security/research/tra-2023-39",
- "source": "vulnreport@tenable.com"
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49694.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49694.json
index 86c2caaf4ea..3c538b9f44a 100644
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49694.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49694.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49694",
 "sourceIdentifier": "vulnreport@tenable.com",
 "published": "2023-11-29T23:15:20.750",
- "lastModified": "2023-11-30T13:39:13.380",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T01:54:34.097",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "vulnreport@tenable.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "vulnreport@tenable.com",
 "type": "Secondary",
@@ -50,14 +80,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.7.0.31",
+ "matchCriteriaId": "9A616F4D-0720-4399-8630-F0A017A50439"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://kb.netgear.com/000065885/Security-Advisory-for-Vertical-Privilege-Escalation-on-the-NMS300-PSV-2023-0127",
- "source": "vulnreport@tenable.com"
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.tenable.com/security/research/tra-2023-39",
- "source": "vulnreport@tenable.com"
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6137.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6137.json
index 66e1ed989a3..91a77540903 100644
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6137.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6137.json
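Review bot: The `https://www.tenable.com/security/research/tra-2023-39` reference in the last CVE-2023-49694 hunk is tagged `"Vendor Advisory"`, but the same URL in CVE-2023-49693.json, changed in this same commit, is tagged `"Third Party Advisory"`. The added CPE names a Netgear product and the reference source is `vulnreport@tenable.com`, so the consistent value here looks like `"Third Party Advisory"`. Since this file mirrors the upstream record, the correction probably has to be made upstream rather than in this repository. Until then, tooling that filters references on `Vendor Advisory` will treat a researcher write-up as the vendor's own guidance for this entry.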
@@ -2,16 +2,40 @@
 "id": "CVE-2023-6137",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-30T13:15:10.503",
- "lastModified": "2023-11-30T13:38:42.753",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-05T01:57:48.153",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en finnj Frontier Post permite Cross Site Request Forgery. Este problema afecta a Frontier Post: desde n/a hasta 6.1."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpfrontier:frontier_post:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.1",
+ "matchCriteriaId": "AB28576E-B5A5-4169-AD0B-7FBB169AC6F7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/frontier-post/wordpress-frontier-post-plugin-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md index 599a177fd09..cf7d4a00b18 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-05T00:55:18.356104+00:00 +2023-12-05T03:00:22.359454+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-05T00:15:09.840000+00:00 +2023-12-05T02:15:06.827000+00:00 ``` ### Last Data Feed Release 
@@ -23,53 +23,59 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-12-04T01:00:13.555729+00:00 +2023-12-05T01:00:13.564848+00:00 ``` ### Total Number of included CVEs ```plain -232240 +232250 ``` ### CVEs added in the last Commit -Recently added CVEs: `77` +Recently added CVEs: `10` -* [CVE-2023-5944](CVE-2023/CVE-2023-59xx/CVE-2023-5944.json) (`2023-12-04T23:15:27.940`) -* [CVE-2023-21162](CVE-2023/CVE-2023-211xx/CVE-2023-21162.json) (`2023-12-04T23:15:22.217`) -* [CVE-2023-21163](CVE-2023/CVE-2023-211xx/CVE-2023-21163.json) (`2023-12-04T23:15:22.377`) -* [CVE-2023-21164](CVE-2023/CVE-2023-211xx/CVE-2023-21164.json) (`2023-12-04T23:15:22.430`) -* [CVE-2023-21166](CVE-2023/CVE-2023-211xx/CVE-2023-21166.json) (`2023-12-04T23:15:22.477`) -* [CVE-2023-21215](CVE-2023/CVE-2023-212xx/CVE-2023-21215.json) (`2023-12-04T23:15:22.523`) -* [CVE-2023-21216](CVE-2023/CVE-2023-212xx/CVE-2023-21216.json) (`2023-12-04T23:15:22.570`) -* [CVE-2023-21217](CVE-2023/CVE-2023-212xx/CVE-2023-21217.json) (`2023-12-04T23:15:22.617`) -* [CVE-2023-21218](CVE-2023/CVE-2023-212xx/CVE-2023-21218.json) (`2023-12-04T23:15:22.667`) -* [CVE-2023-21227](CVE-2023/CVE-2023-212xx/CVE-2023-21227.json) (`2023-12-04T23:15:22.720`) -* [CVE-2023-21228](CVE-2023/CVE-2023-212xx/CVE-2023-21228.json) (`2023-12-04T23:15:22.767`) -* [CVE-2023-21263](CVE-2023/CVE-2023-212xx/CVE-2023-21263.json) (`2023-12-04T23:15:22.813`) -* [CVE-2023-21401](CVE-2023/CVE-2023-214xx/CVE-2023-21401.json) (`2023-12-04T23:15:22.970`) -* [CVE-2023-21402](CVE-2023/CVE-2023-214xx/CVE-2023-21402.json) (`2023-12-04T23:15:23.027`) -* [CVE-2023-21403](CVE-2023/CVE-2023-214xx/CVE-2023-21403.json) (`2023-12-04T23:15:23.070`) -* [CVE-2023-26941](CVE-2023/CVE-2023-269xx/CVE-2023-26941.json) (`2023-12-05T00:15:08.110`) -* [CVE-2023-26942](CVE-2023/CVE-2023-269xx/CVE-2023-26942.json) (`2023-12-05T00:15:08.163`) -* 
[CVE-2023-26943](CVE-2023/CVE-2023-269xx/CVE-2023-26943.json) (`2023-12-05T00:15:08.227`) -* [CVE-2023-35690](CVE-2023/CVE-2023-356xx/CVE-2023-35690.json) (`2023-12-04T23:15:23.507`) -* [CVE-2023-49284](CVE-2023/CVE-2023-492xx/CVE-2023-49284.json) (`2023-12-05T00:15:08.737`) -* [CVE-2023-49289](CVE-2023/CVE-2023-492xx/CVE-2023-49289.json) (`2023-12-05T00:15:08.967`) -* [CVE-2023-49290](CVE-2023/CVE-2023-492xx/CVE-2023-49290.json) (`2023-12-05T00:15:09.190`) -* [CVE-2023-49291](CVE-2023/CVE-2023-492xx/CVE-2023-49291.json) (`2023-12-05T00:15:09.403`) -* [CVE-2023-49292](CVE-2023/CVE-2023-492xx/CVE-2023-49292.json) (`2023-12-05T00:15:09.627`) -* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-05T00:15:09.840`) +* [CVE-2023-48315](CVE-2023/CVE-2023-483xx/CVE-2023-48315.json) (`2023-12-05T01:15:07.230`) +* [CVE-2023-48316](CVE-2023/CVE-2023-483xx/CVE-2023-48316.json) (`2023-12-05T01:15:07.503`) +* [CVE-2023-48691](CVE-2023/CVE-2023-486xx/CVE-2023-48691.json) (`2023-12-05T01:15:07.747`) +* [CVE-2023-48692](CVE-2023/CVE-2023-486xx/CVE-2023-48692.json) (`2023-12-05T01:15:07.957`) +* [CVE-2023-48693](CVE-2023/CVE-2023-486xx/CVE-2023-48693.json) (`2023-12-05T01:15:08.167`) +* [CVE-2023-48694](CVE-2023/CVE-2023-486xx/CVE-2023-48694.json) (`2023-12-05T01:15:08.393`) +* [CVE-2023-48695](CVE-2023/CVE-2023-486xx/CVE-2023-48695.json) (`2023-12-05T01:15:08.640`) +* [CVE-2023-48696](CVE-2023/CVE-2023-486xx/CVE-2023-48696.json) (`2023-12-05T01:15:08.877`) +* [CVE-2023-48697](CVE-2023/CVE-2023-486xx/CVE-2023-48697.json) (`2023-12-05T01:15:09.120`) +* [CVE-2023-48698](CVE-2023/CVE-2023-486xx/CVE-2023-48698.json) (`2023-12-05T01:15:09.353`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `24` -* [CVE-2023-21394](CVE-2023/CVE-2023-213xx/CVE-2023-21394.json) (`2023-12-04T23:15:22.860`) -* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-12-04T23:15:24.800`) -* 
[CVE-2023-49103](CVE-2023/CVE-2023-491xx/CVE-2023-49103.json) (`2023-12-05T00:15:08.323`) +* [CVE-2022-42541](CVE-2022/CVE-2022-425xx/CVE-2022-42541.json) (`2023-12-05T01:55:33.250`) +* [CVE-2022-42540](CVE-2022/CVE-2022-425xx/CVE-2022-42540.json) (`2023-12-05T01:55:42.027`) +* [CVE-2022-42539](CVE-2022/CVE-2022-425xx/CVE-2022-42539.json) (`2023-12-05T01:55:52.587`) +* [CVE-2022-42538](CVE-2022/CVE-2022-425xx/CVE-2022-42538.json) (`2023-12-05T01:55:59.613`) +* [CVE-2022-42537](CVE-2022/CVE-2022-425xx/CVE-2022-42537.json) (`2023-12-05T01:56:07.767`) +* [CVE-2022-42536](CVE-2022/CVE-2022-425xx/CVE-2022-42536.json) (`2023-12-05T01:56:14.107`) +* [CVE-2023-47272](CVE-2023/CVE-2023-472xx/CVE-2023-47272.json) (`2023-12-05T01:15:07.110`) +* [CVE-2023-49103](CVE-2023/CVE-2023-491xx/CVE-2023-49103.json) (`2023-12-05T01:15:09.570`) +* [CVE-2023-49082](CVE-2023/CVE-2023-490xx/CVE-2023-49082.json) (`2023-12-05T01:51:49.997`) +* [CVE-2023-3741](CVE-2023/CVE-2023-37xx/CVE-2023-3741.json) (`2023-12-05T01:52:00.197`) +* [CVE-2023-49694](CVE-2023/CVE-2023-496xx/CVE-2023-49694.json) (`2023-12-05T01:54:34.097`) +* [CVE-2023-49693](CVE-2023/CVE-2023-496xx/CVE-2023-49693.json) (`2023-12-05T01:54:46.047`) +* [CVE-2023-40458](CVE-2023/CVE-2023-404xx/CVE-2023-40458.json) (`2023-12-05T01:55:09.410`) +* [CVE-2023-6137](CVE-2023/CVE-2023-61xx/CVE-2023-6137.json) (`2023-12-05T01:57:48.153`) +* [CVE-2023-33333](CVE-2023/CVE-2023-333xx/CVE-2023-33333.json) (`2023-12-05T01:59:20.337`) +* [CVE-2023-48282](CVE-2023/CVE-2023-482xx/CVE-2023-48282.json) (`2023-12-05T01:59:29.907`) +* [CVE-2023-48283](CVE-2023/CVE-2023-482xx/CVE-2023-48283.json) (`2023-12-05T02:00:00.967`) +* [CVE-2023-48284](CVE-2023/CVE-2023-482xx/CVE-2023-48284.json) (`2023-12-05T02:00:11.640`) +* [CVE-2023-48323](CVE-2023/CVE-2023-483xx/CVE-2023-48323.json) (`2023-12-05T02:00:16.967`) +* [CVE-2023-48330](CVE-2023/CVE-2023-483xx/CVE-2023-48330.json) (`2023-12-05T02:00:23.417`) +* 
[CVE-2023-48331](CVE-2023/CVE-2023-483xx/CVE-2023-48331.json) (`2023-12-05T02:00:32.513`) +* [CVE-2023-48334](CVE-2023/CVE-2023-483xx/CVE-2023-48334.json) (`2023-12-05T02:00:37.353`) +* [CVE-2023-48744](CVE-2023/CVE-2023-487xx/CVE-2023-48744.json) (`2023-12-05T02:00:43.043`) +* [CVE-2023-49083](CVE-2023/CVE-2023-490xx/CVE-2023-49083.json) (`2023-12-05T02:15:06.827`) ## Download and Usage