Auto-Update: 2023-11-22T15:02:02.156375+00:00

cad-safe-bot 2023-11-22 15:02:05 +00:00
parent 68bef2e4d6
commit e3aa5a543c
45 changed files with 1294 additions and 91 deletions


@ -2,8 +2,8 @@
"id": "CVE-2021-32456",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2021-05-17T18:15:07.987",
"lastModified": "2021-05-25T16:44:46.263",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-22T13:15:07.373",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
@ -136,11 +136,8 @@
],
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-cleartext-transmission-sensitive-information",
"source": "cve-coordination@incibe.es"
}
]
}
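Review bot: The replacement reference in the last hunk of this section drops the `"tags": ["Third Party Advisory"]` array that the old incibe-cert.es URL carried, so a consumer that selects advisory links by tag now finds none for CVE-2021-32456. The same section moves the record to `"vulnStatus": "Modified"` and changes the Secondary vector to `UI:N`, raising `baseScore` from 5.7 to 6.5. Downstream tooling should treat an untagged reference whose `source` equals the record's `sourceIdentifier` as an advisory link, and should re-triage on the metric change. The CVE-2021-33841 section shows the same tag loss together with a score increase (9.6 to 10.0, `AV:A` to `AV:N`).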


@ -2,8 +2,8 @@
"id": "CVE-2021-33841",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2021-06-09T12:15:07.893",
"lastModified": "2021-06-21T19:27:50.607",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-22T13:15:07.610",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,8 +41,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
@ -50,10 +50,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
],
@ -136,11 +136,8 @@
],
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-os-command-injection",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-os-command-injection",
"source": "cve-coordination@incibe.es"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-35638",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-22T04:15:07.237",
"lastModified": "2023-11-22T04:15:07.237",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:51.970",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824."
},
{
"lang": "es",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.1 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 230824."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-2446",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T08:15:07.020",
"lastModified": "2023-11-22T08:15:07.020",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial a trav\u00e9s del c\u00f3digo corto 'userpro' en versiones hasta la 5.1.1 incluida. Esto se debe a una restricci\u00f3n insuficiente de los metavalores sensibles del usuario que se pueden invocar a trav\u00e9s de ese c\u00f3digo abreviado. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, recuperen metadatos de usuario sensibles que pueden usarse para obtener acceso a una cuenta de usuario con altos privilegios."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-2447",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T08:15:07.410",
"lastModified": "2023-11-22T08:15:07.410",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 5.1.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'export_users'. Esto hace posible que atacantes no autenticados exporten a los usuarios a un archivo csv, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26532",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.037",
"lastModified": "2023-11-22T14:15:08.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <=\u00a02.1.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accesspress-facebook-auto-post/wordpress-social-auto-poster-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26535",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.230",
"lastModified": "2023-11-22T14:15:08.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <=\u00a02.12.15 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sheets-to-wp-table-live-sync/wordpress-sheets-to-wp-table-live-sync-plugin-2-12-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27442",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.417",
"lastModified": "2023-11-22T14:15:08.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <=\u00a03.29.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27444",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.600",
"lastModified": "2023-11-22T14:15:08.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <=\u00a03.7.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27446",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.790",
"lastModified": "2023-11-22T14:15:08.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <=\u00a02.1.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27451",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.970",
"lastModified": "2023-11-22T14:15:08.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <=\u00a05.1.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
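Review bot: The affected range is stated two ways in this new record: the description says `<= 5.1.0.2`, while the reference slug reads `wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability`. With `vulnStatus` still `Received` and no `configurations` block, the file has no CPE range to settle which is right, so version matching should follow the description and the linked advisory, not the URL text. The only score present is the CNA's Secondary vector (`PR:H`, `C:H/I:H/A:H`, 7.2), so any prioritisation built on it rests on the CNA assessment alone until a Primary entry is added.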


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27453",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.150",
"lastModified": "2023-11-22T14:15:09.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <=\u00a02.3.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27457",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.333",
"lastModified": "2023-11-22T14:15:09.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <=\u00a02.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-expires-headers/wordpress-add-expires-headers-optimized-minify-plugin-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27458",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.520",
"lastModified": "2023-11-22T14:15:09.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <=\u00a04.4.10 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpstream/wordpress-wpstream-live-streaming-video-on-demand-pay-per-view-plugin-4-4-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27461",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.713",
"lastModified": "2023-11-22T14:15:09.713",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <=\u00a01.2.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/when-last-login/wordpress-when-last-login-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27633",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:09.920",
"lastModified": "2023-11-22T14:15:09.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify \u2013 Intuitive Website Styling plugin <=\u00a02.10.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/customify/wordpress-customify-plugin-2-10-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:10.127",
"lastModified": "2023-11-22T14:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <=\u00a03.0.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cbcurrencyconverter/wordpress-cbx-currency-converter-plugin-3-0-3-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T13:15:07.850",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <=\u00a01.3.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cm-on-demand-search-and-replace/wordpress-cm-on-demand-search-and-replace-plugin-1-3-0-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2889",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T14:15:10.310",
"lastModified": "2023-11-22T14:15:10.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: through 20231122.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0653",
"source": "iletisim@usom.gov.tr"
}
]
}
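Review bot: The `en` description `value` ends in `\u00a0\n\n` followed by more trailing newlines, and runs two sentences together at `SQL Injection.This issue`, so consumers that display or compare this field should normalise whitespace first. The affected range is given only as `through 20231122`, a date-like value rather than a product version, and the record has no `configurations` block, so automated version matching has nothing to key on. The 9.8 score is the CNA's Secondary vector; no Primary entry is present in this file.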


@ -2,12 +2,16 @@
"id": "CVE-2023-29069",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-22T07:15:07.240",
"lastModified": "2023-11-22T07:15:07.240",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:51.970",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.\n"
},
{
"lang": "es",
"value": "Se puede forzar la instalaci\u00f3n de un archivo DLL creado con fines malintencionados en una ubicaci\u00f3n no predeterminada y el atacante puede sobrescribir partes del producto con archivos DLL maliciosos. Estos archivos pueden tener privilegios elevados, lo que lleva a una vulnerabilidad de escalada de privilegios."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-3103",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-22T12:15:22.160",
"lastModified": "2023-11-22T12:15:22.160",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3104",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-22T12:15:22.400",
"lastModified": "2023-11-22T12:15:22.400",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-37924",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-22T10:15:07.577",
"lastModified": "2023-11-22T10:15:07.577",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.\nNow we have fixed this issue and now user must have the correct login to access workbench.\nThis issue affects Apache Submarine: from 0.7.0 before 0.8.0.\u00a0We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.\nIf using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.\n\n"
},
{
"lang": "es",
"value": "Apache Software Foundation Apache Submarine tiene una vulnerabilidad de inyecci\u00f3n SQL cuando un usuario inicia sesi\u00f3n. Este problema puede provocar un inicio de sesi\u00f3n no autorizado. Ahora hemos solucionado este problema y ahora el usuario debe tener el inicio de sesi\u00f3n correcto para acceder al banco de trabajo. Este problema afecta a Apache Submarine: desde 0.7.0 antes de 0.8.0. Recomendamos que todos los usuarios de Submarine con 0.7.0 actualicen a 0.8.0, que no solo soluciona el problema, admite el modo de autenticaci\u00f3n oidc, sino que tambi\u00e9n elimina el caso de inicios de sesi\u00f3n no autenticados. Si utiliza una versi\u00f3n inferior a 0.8.0 y no desea actualizar, puede probar PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull /1054 y reconstruir la imagen del servidor submarino para solucionar este problema."
}
],
"metrics": {},


@ -2,16 +2,40 @@
"id": "CVE-2023-39535",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-11-14T22:15:29.557",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T14:51:42.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability."
},
{
"lang": "es",
"value": "AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar una validaci\u00f3n de entrada incorrecta a trav\u00e9s de la red local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C73298F-5F7B-43DF-8772-567ACCE6D7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}
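Review bot: The Primary vector added in the first hunk is `AV:L/AC:L/PR:L` (`"attackVector": "LOCAL"`), while the description kept in the same hunk says the flaw is used "via the local network". The two readings imply different exposure, and the CNA's Secondary vector that might reconcile them lies outside the visible hunk. The new `cpeMatch` entry `cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*` carries no version bounds, so CPE-based scanners will match every Aptio V build, and the Primary weakness is `NVD-CWE-noinfo`. Consumers should confirm fixed versions against the AMI-SA-2023008 advisory linked in `references` rather than rely on the CPE match. The CVE-2023-39536 and CVE-2023-39537 sections add the same vector, CWE and CPE entry.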


@ -2,16 +2,40 @@
"id": "CVE-2023-39536",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-11-14T22:15:29.743",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T14:51:20.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability."
},
{
"lang": "es",
"value": "AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar una validaci\u00f3n de entrada incorrecta a trav\u00e9s de la red local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C73298F-5F7B-43DF-8772-567ACCE6D7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-39537",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-11-14T22:15:29.923",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T14:38:31.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability."
},
{
"lang": "es",
"value": "AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar una validaci\u00f3n de entrada incorrecta a trav\u00e9s de la red local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C73298F-5F7B-43DF-8772-567ACCE6D7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-41145",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-22T07:15:07.420",
"lastModified": "2023-11-22T07:15:07.420",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Autodesk users who no longer have an active license for an account can still access cases for that account.\n"
},
{
"lang": "es",
"value": "Los usuarios de Autodesk que ya no tengan una licencia activa para una cuenta, a\u00fan pueden acceder a los casos de esa cuenta."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-41146",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-22T07:15:07.473",
"lastModified": "2023-11-22T07:15:07.473",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.\n"
},
{
"lang": "es",
"value": "Autodesk Customer Support Portal permite que los casos creados por usuarios de una cuenta vean los casos creados por otros usuarios de la misma cuenta."
}
],
"metrics": {},

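--- a/CVE-2023/CVE-2023-430xx/CVE-2023-43081.json
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43081.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-43081",
+"sourceIdentifier": "security_alert@emc.com",
+"published": "2023-11-22T13:15:08.047",
+"lastModified": "2023-11-22T13:56:48.513",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nPowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.0,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.5,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-276"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.dell.com/support/kbdoc/en-us/000219782/dsa-2023-427-security-update-for-dell-powerprotect-agent-for-file-system-vulnerabilities",
+"source": "security_alert@emc.com"
+}
+]
+}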
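Review bot: The CNA vector in `cvssData` sets `PR:N` / `"privilegesRequired": "NONE"`, while the English description in the same record says the flaw is exploited by "A low Privileged local attacker"; the two cannot both be right, and the 4.0 base score is computed from the `PR:N` reading. If the description is the accurate one, the upstream record would carry `"privilegesRequired": "LOW"` and a lower score, so the correction belongs with the CNA or NVD rather than in this mirror. With `vulnStatus` still "Awaiting Analysis" and only a `Secondary` metric present, anything that prioritises on this score should treat it as provisional until an NVD `Primary` entry arrives.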


@ -2,12 +2,16 @@
"id": "CVE-2023-46673",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T10:15:08.417",
"lastModified": "2023-11-22T10:15:08.417",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 que los scripts con formato incorrecto utilizados en el procesador de scripts de una canalizaci\u00f3n de ingesta podr\u00edan provocar que un nodo de Elasticsearch fallara al llamar a la API Simulate Pipeline."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-46814",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T05:15:07.837",
"lastModified": "2023-11-22T05:15:07.837",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:51.970",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar c\u00f3digo con privilegios elevados desde una ubicaci\u00f3n de escritura est\u00e1ndar por parte del usuario. Los usuarios est\u00e1ndar pueden usar esto para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47016",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T07:15:07.530",
"lastModified": "2023-11-22T07:15:07.530",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h."
},
{
"lang": "es",
"value": "radare2 5.8.9 tiene una lectura fuera de los l\u00edmites en r_bin_object_set_items en libr/bin/bobj.c, lo que provoca un bloqueo en r_read_le32 en libr/include/r_endian.h."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47392",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T07:15:07.587",
"lastModified": "2023-11-22T07:15:07.587",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request."
},
{
"lang": "es",
"value": "Un problema de control de acceso en Mercedes me IOS APP v1.34.0 y versiones anteriores permite a los atacantes ver los carritos de otros usuarios mediante el env\u00edo de una solicitud de adici\u00f3n de pedido manipulada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-47393",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T07:15:07.633",
"lastModified": "2023-11-22T07:15:07.633",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors."
},
{
"lang": "es",
"value": "Un problema de control de acceso en Mercedes me IOS APP v1.34.0 y versiones anteriores permite a los atacantes ver las \u00f3rdenes de mantenimiento de otros usuarios y acceder a informaci\u00f3n confidencial del usuario a trav\u00e9s de vectores no especificados."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48161",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T06:15:43.123",
"lastModified": "2023-11-22T06:15:43.123",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:51.970",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c"
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en el proyecto GifLib GifLib v.5.2.1 permite a un atacante local obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n DumpSCreen2RGB en gif2rgb.c"
}
],
"metrics": {},


@ -2,16 +2,40 @@
"id": "CVE-2023-48217",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T22:15:31.577",
"lastModified": "2023-11-15T02:28:40.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T14:37:30.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the \"Forms\" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Statamic es un CMS plano con tecnolog\u00eda Laravel + Git dise\u00f1ado para crear sitios web. En las versiones afectadas, es posible cargar ciertos archivos PHP adicionales manipulados para que parezcan im\u00e1genes, independientemente de las reglas de validaci\u00f3n del tipo MIME. Esto afecta los formularios de front-end que utilizan la funci\u00f3n \"Formularios\" y los campos de carga de activos en el panel de control. Los usuarios malintencionados podr\u00edan aprovechar esta vulnerabilidad para cargar y ejecutar c\u00f3digo. Este problema se solucion\u00f3 en las versiones 3.4.14 y 4.34.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.14",
"matchCriteriaId": "1A50F47A-9802-4A97-BA68-D8A7BBD7CC8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.34.0",
"matchCriteriaId": "FE7C9F19-207E-4CD2-AE61-B3BEF7A7D838"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/statamic/cms/commit/4c6fe041e2203a8033e5949ce4a5d9d6c0ad2411",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/statamic/cms/security/advisories/GHSA-2r53-9295-3m86",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5047",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T12:15:22.587",
"lastModified": "2023-11-22T12:15:22.587",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-5921",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T09:15:07.690",
"lastModified": "2023-11-22T09:15:07.690",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.\n\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n inadecuada de la vulnerabilidad del flujo de trabajo conductual en el software DECE Geodi permite la omisi\u00f3n de funcionalidad. Este problema afecta a Geodi: antes de 8.0.0.27396."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-5983",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T12:15:22.777",
"lastModified": "2023-11-22T12:15:22.777",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-6011",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-22T09:15:07.927",
"lastModified": "2023-11-22T09:15:07.927",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.This issue affects Geodi: before 8.0.0.27396.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el software DECE Geodi permite almacenar XSS. Este problema afecta a Geodi: versiones anteriores a 8.0.0.27396."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6117",
"sourceIdentifier": "security@m-files.com",
"published": "2023-11-22T10:15:09.037",
"lastModified": "2023-11-22T10:15:09.037",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the\u00a0M-Files server\n\n before 23.11.13156.0 which allows attackers to execute DoS attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 una posibilidad de consumo no deseado de memoria del servidor a trav\u00e9s de las funcionalidades obsoletas en los m\u00e9todos Rest API del servidor M-Files anteriores a 23.11.13156.0, lo que permite a los atacantes ejecutar ataques DoS."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6189",
"sourceIdentifier": "security@m-files.com",
"published": "2023-11-22T10:15:09.530",
"lastModified": "2023-11-22T10:15:09.530",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nMissing access permissions checks\n\n in\u00a0the M-Files server\u00a0before 23.11.13156.0 allow attackers to perform data write and export\n\njobs using the\u00a0M-Files API methods."
},
{
"lang": "es",
"value": "Las comprobaciones de permisos de acceso faltantes en el servidor M-Files anteriores a 23.11.13156.0 permiten a los atacantes realizar trabajos de escritura y exportaci\u00f3n de datos utilizando los m\u00e9todos API de M-Files."
}
],
"metrics": {

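--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6252.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6252.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6252",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2023-11-22T14:15:10.520",
+"lastModified": "2023-11-22T14:15:10.520",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-35"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-chameleon-power-products",
+"source": "cve-coordination@incibe.es"
+}
+]
+}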
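Review bot: The product name in the description is spelled "Chalemelon Power", but the only reference URL ends in `path-traversal-vulnerability-chameleon-power-products`, so the description appears to carry a typo that will make keyword searches for the vendor miss this record. The record also has no `configurations` block yet, so CPE-based matching will not pick it up either. Until upstream corrects the text, matching on the id `CVE-2023-6252` or on the reference URL is the reliable way to find it. The fix belongs in the source record at the CNA, not in this mirror.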


@ -2,8 +2,8 @@
"id": "CVE-2023-6253",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2023-11-22T12:15:22.963",
"lastModified": "2023-11-22T12:15:22.963",
"vulnStatus": "Received",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-22T13:00:18.605531+00:00
2023-11-22T15:02:02.156375+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-22T12:15:22.963000+00:00
2023-11-22T14:51:42.253000+00:00
```
### Last Data Feed Release
@ -29,26 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231281
231297
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `16`
* [CVE-2023-3103](CVE-2023/CVE-2023-31xx/CVE-2023-3103.json) (`2023-11-22T12:15:22.160`)
* [CVE-2023-3104](CVE-2023/CVE-2023-31xx/CVE-2023-3104.json) (`2023-11-22T12:15:22.400`)
* [CVE-2023-5047](CVE-2023/CVE-2023-50xx/CVE-2023-5047.json) (`2023-11-22T12:15:22.587`)
* [CVE-2023-5983](CVE-2023/CVE-2023-59xx/CVE-2023-5983.json) (`2023-11-22T12:15:22.777`)
* [CVE-2023-6253](CVE-2023/CVE-2023-62xx/CVE-2023-6253.json) (`2023-11-22T12:15:22.963`)
* [CVE-2023-28749](CVE-2023/CVE-2023-287xx/CVE-2023-28749.json) (`2023-11-22T13:15:07.850`)
* [CVE-2023-43081](CVE-2023/CVE-2023-430xx/CVE-2023-43081.json) (`2023-11-22T13:15:08.047`)
* [CVE-2023-26532](CVE-2023/CVE-2023-265xx/CVE-2023-26532.json) (`2023-11-22T14:15:08.037`)
* [CVE-2023-26535](CVE-2023/CVE-2023-265xx/CVE-2023-26535.json) (`2023-11-22T14:15:08.230`)
* [CVE-2023-27442](CVE-2023/CVE-2023-274xx/CVE-2023-27442.json) (`2023-11-22T14:15:08.417`)
* [CVE-2023-27444](CVE-2023/CVE-2023-274xx/CVE-2023-27444.json) (`2023-11-22T14:15:08.600`)
* [CVE-2023-27446](CVE-2023/CVE-2023-274xx/CVE-2023-27446.json) (`2023-11-22T14:15:08.790`)
* [CVE-2023-27451](CVE-2023/CVE-2023-274xx/CVE-2023-27451.json) (`2023-11-22T14:15:08.970`)
* [CVE-2023-27453](CVE-2023/CVE-2023-274xx/CVE-2023-27453.json) (`2023-11-22T14:15:09.150`)
* [CVE-2023-27457](CVE-2023/CVE-2023-274xx/CVE-2023-27457.json) (`2023-11-22T14:15:09.333`)
* [CVE-2023-27458](CVE-2023/CVE-2023-274xx/CVE-2023-27458.json) (`2023-11-22T14:15:09.520`)
* [CVE-2023-27461](CVE-2023/CVE-2023-274xx/CVE-2023-27461.json) (`2023-11-22T14:15:09.713`)
* [CVE-2023-27633](CVE-2023/CVE-2023-276xx/CVE-2023-27633.json) (`2023-11-22T14:15:09.920`)
* [CVE-2023-28747](CVE-2023/CVE-2023-287xx/CVE-2023-28747.json) (`2023-11-22T14:15:10.127`)
* [CVE-2023-2889](CVE-2023/CVE-2023-28xx/CVE-2023-2889.json) (`2023-11-22T14:15:10.310`)
* [CVE-2023-6252](CVE-2023/CVE-2023-62xx/CVE-2023-6252.json) (`2023-11-22T14:15:10.520`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `28`
* [CVE-2021-4035](CVE-2021/CVE-2021-40xx/CVE-2021-4035.json) (`2023-11-22T11:15:07.533`)
* [CVE-2021-4046](CVE-2021/CVE-2021-40xx/CVE-2021-4046.json) (`2023-11-22T12:15:21.930`)
* [CVE-2023-41145](CVE-2023/CVE-2023-411xx/CVE-2023-41145.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-41146](CVE-2023/CVE-2023-411xx/CVE-2023-41146.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-47016](CVE-2023/CVE-2023-470xx/CVE-2023-47016.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-47392](CVE-2023/CVE-2023-473xx/CVE-2023-47392.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-47393](CVE-2023/CVE-2023-473xx/CVE-2023-47393.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-2446](CVE-2023/CVE-2023-24xx/CVE-2023-2446.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-2447](CVE-2023/CVE-2023-24xx/CVE-2023-2447.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-5921](CVE-2023/CVE-2023-59xx/CVE-2023-5921.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-6011](CVE-2023/CVE-2023-60xx/CVE-2023-6011.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-37924](CVE-2023/CVE-2023-379xx/CVE-2023-37924.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-46673](CVE-2023/CVE-2023-466xx/CVE-2023-46673.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-6117](CVE-2023/CVE-2023-61xx/CVE-2023-6117.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-6189](CVE-2023/CVE-2023-61xx/CVE-2023-6189.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-3103](CVE-2023/CVE-2023-31xx/CVE-2023-3103.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-3104](CVE-2023/CVE-2023-31xx/CVE-2023-3104.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-5047](CVE-2023/CVE-2023-50xx/CVE-2023-5047.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-5983](CVE-2023/CVE-2023-59xx/CVE-2023-5983.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-6253](CVE-2023/CVE-2023-62xx/CVE-2023-6253.json) (`2023-11-22T13:56:48.513`)
* [CVE-2023-46814](CVE-2023/CVE-2023-468xx/CVE-2023-46814.json) (`2023-11-22T13:56:51.970`)
* [CVE-2023-48161](CVE-2023/CVE-2023-481xx/CVE-2023-48161.json) (`2023-11-22T13:56:51.970`)
* [CVE-2023-29069](CVE-2023/CVE-2023-290xx/CVE-2023-29069.json) (`2023-11-22T13:56:51.970`)
* [CVE-2023-48217](CVE-2023/CVE-2023-482xx/CVE-2023-48217.json) (`2023-11-22T14:37:30.113`)
* [CVE-2023-39537](CVE-2023/CVE-2023-395xx/CVE-2023-39537.json) (`2023-11-22T14:38:31.690`)
* [CVE-2023-39536](CVE-2023/CVE-2023-395xx/CVE-2023-39536.json) (`2023-11-22T14:51:20.340`)
* [CVE-2023-39535](CVE-2023/CVE-2023-395xx/CVE-2023-39535.json) (`2023-11-22T14:51:42.253`)
## Download and Usage