admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-15T15:00:18.583038+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-15 15:00:22 +00:00
parent 602332fa69
commit eadf162841
58 changed files with 2598 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2022/CVE-2022-34xx/CVE-2022-3469.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-3469",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-11-14T15:15:48.950",
"lastModified": "2022-11-16T19:02:06.817",
"lastModified": "2023-11-15T13:45:47.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)."
},
{
"lang": "es",
"value": "El complemento de WordPress WP Attachments anterior a 5.0.5 no sanitiza y escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en multisitio). configuraci\u00f3n)."
}
],
"metrics": {
@ -55,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_attachments_project:wp_attachments:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:marcomilesi:wp_attachments:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.0.5",
"matchCriteriaId": "EBFFB2E3-855B-4F6B-A8C4-A2D517B53FFA"
"matchCriteriaId": "1EEDEE77-6835-402C-9585-C0D7D238A0BF"
}
]
}

6
CVE-2022/CVE-2022-43xx/CVE-2022-4330.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4330",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-16T16:15:11.567",
"lastModified": "2023-11-07T03:57:33.957",
"lastModified": "2023-11-15T13:45:47.877",
"vulnStatus": "Modified",
"descriptions": [
{
@ -43,9 +43,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_attachments_project:wp_attachments:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:marcomilesi:wp_attachments:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0.5",
"matchCriteriaId": "2D85CC23-1A07-48B0-A156-DE23C748E718"
"matchCriteriaId": "70B1E3CA-BD96-4C0E-A771-746E4DFE0332"
}
]
}

56
CVE-2022/CVE-2022-453xx/CVE-2022-45350.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2022-45350",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-07T15:15:09.730",
"lastModified": "2023-11-07T15:47:19.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:10:15.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in P\u00e4r Thernstr\u00f6m Simple History \u2013 user activity log, audit tool.This issue affects Simple History \u2013 user activity log, audit tool: from n/a through 3.3.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en P\u00e4r Thernstr\u00f6m Simple History \u2013 user activity log, audit tool. Este problema afecta Simple History: registro de actividad del usuario, herramienta de auditor\u00eda: desde n/a hasta 3.3.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple-history:simple_history:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.0",
"matchCriteriaId": "948C83B2-F0AF-49E4-8627-2A5A17A7B0AF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-history-plugin-3-3-1-csv-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2022/CVE-2022-474xx/CVE-2022-47442.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2022-47442",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-07T15:15:10.313",
"lastModified": "2023-11-07T15:47:19.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:15:39.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en AyeCode Ltd UsersWP. Este problema afecta a UsersWP: desde n/a hasta 1.2.3.9."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ayecode:userswp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.3.10",
"matchCriteriaId": "FFAFFC8B-F464-4913-B9DE-A812D2FDBB26"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/userswp/wordpress-userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-plugin-1-2-3-9-csv-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-235xx/CVE-2023-23549.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23549",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-11-15T11:15:08.173",
"lastModified": "2023-11-15T11:15:08.173",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

56
CVE-2023/CVE-2023-259xx/CVE-2023-25994.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-25994",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T16:15:34.493",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:51:20.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <=\u00a04.4.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Alex Benfica Publish to Schedule en versiones &lt;= 4.4.2."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:publish_to_schedule_project:publish_to_schedule:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.5.4",
"matchCriteriaId": "7F9D9E63-BD79-4105-9734-971971B798E3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/publish-to-schedule/wordpress-publish-to-schedule-plugin-4-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-340xx/CVE-2023-34062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34062",
"sourceIdentifier": "security@vmware.com",
"published": "2023-11-15T10:15:07.277",
"lastModified": "2023-11-15T10:15:07.277",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

56
CVE-2023/CVE-2023-366xx/CVE-2023-36688.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-36688",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T16:15:34.597",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:51:37.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <=\u00a01.0.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Michael Mann Simple Site Verify en versiones &lt;= 1.0.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:idoweb:simple_site_verify:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.8",
"matchCriteriaId": "865513EB-EB11-4432-8FC7-DE54F50DE9D1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-site-verify/wordpress-simple-site-verify-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-409xx/CVE-2023-40923.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40923",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T06:15:27.797",
"lastModified": "2023-11-15T06:15:27.797",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MyPrestaModules ordersexport anterior a v5.0 conten\u00eda m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en send.php a trav\u00e9s de los par\u00e1metros key y save_setting."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-415xx/CVE-2023-41597.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41597",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T06:15:27.893",
"lastModified": "2023-11-15T06:15:27.893",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que EyouCms v1.6.2 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada a trav\u00e9s del componente /admin/twitter.php?active_t."
}
],
"metrics": {},

65
CVE-2023/CVE-2023-425xx/CVE-2023-42544.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-42544",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:20.720",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:17:43.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en Quick Share anterior a 13.5.52.0 permite a un atacante local acceder a archivos locales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3af57064-a867-422c-b2ad-40307b65c458",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:quick_share:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.5.52.0",
"matchCriteriaId": "9C58D13A-3BC5-40D6-8C89-6EB546954B2D"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

140
CVE-2023/CVE-2023-425xx/CVE-2023-42545.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-42545",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:21.027",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:20:25.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data."
},
{
"lang": "es",
"value": "El uso de intenci\u00f3n impl\u00edcita para una vulnerabilidad de comunicaci\u00f3n confidencial en Phone antes de las versiones 12.7.20.12 en Android 11, 13.1.48, 13.5.28 en Android 12 y 14.7.38 en Android 13 permite a los atacantes acceder a datos de ubicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3af57064-a867-422c-b2ad-40307b65c458",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,10 +58,118 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.20.12",
"matchCriteriaId": "5FE3D414-AB15-464A-B774-07A7437AF039"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.1.48",
"matchCriteriaId": "C7D1B532-E73A-4C63-95D5-8D40C2A197FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.5.0",
"versionEndExcluding": "13.5.28",
"matchCriteriaId": "A4B9617A-1B75-45C9-B87D-0F3A451884D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.7.38",
"matchCriteriaId": "8623488D-66A9-4EA0-A086-09458C338422"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

133
CVE-2023/CVE-2023-425xx/CVE-2023-42552.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-42552",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:23.113",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:27:22.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuestro de intenci\u00f3n impl\u00edcita en la aplicaci\u00f3n Firewall anterior a las versiones 12.1.00.24 en Android 11, 13.1.00.16 en Android 12 y 14.1.00.7 en Android 13 permite que una aplicaci\u00f3n de terceros altere la base de datos del Firewall."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3af57064-a867-422c-b2ad-40307b65c458",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,10 +58,111 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:firewall:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.00.24",
"matchCriteriaId": "A269A511-FB05-4B17-8D3F-F35C6D105EE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:firewall:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.1.00.16",
"matchCriteriaId": "E0FC394F-DDA2-4AA9-AB5C-30BE4064DF1B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:firewall:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1.00.7",
"matchCriteriaId": "D74F1D07-7AC5-4F25-A485-E13C3D28F0E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-425xx/CVE-2023-42553.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-42553",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:23.367",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:35:42.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email."
},
{
"lang": "es",
"value": "Una vulnerabilidad de verificaci\u00f3n de autorizaci\u00f3n inadecuada en Samsung Email anterior a la versi\u00f3n 6.1.90.4 permite a los atacantes leer datos de la zona de pruebas del correo electr\u00f3nico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3af57064-a867-422c-b2ad-40307b65c458",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:email:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.90.4",
"matchCriteriaId": "7FF546BB-0925-409C-9647-A616DA963508"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-425xx/CVE-2023-42554.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-42554",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:23.610",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:38:15.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication."
},
{
"lang": "es",
"value": "La vulnerabilidad de autenticaci\u00f3n incorrecta en Samsung Pass anterior a la versi\u00f3n 4.3.00.17 permite a atacantes f\u00edsicos omitir la autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3af57064-a867-422c-b2ad-40307b65c458",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.00.17",
"matchCriteriaId": "BAF62AE3-EC39-4BED-B961-BFD630286633"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-425xx/CVE-2023-42555.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-42555",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:23.853",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:48:21.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device."
},
{
"lang": "es",
"value": "El uso de intenci\u00f3n impl\u00edcita para una vulnerabilidad de comunicaci\u00f3n confidencial en EasySetup anterior a la versi\u00f3n 11.1.13 permite a los atacantes obtener la direcci\u00f3n bluetooth del dispositivo del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3af57064-a867-422c-b2ad-40307b65c458",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:easysetup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13",
"matchCriteriaId": "0894ED74-19CA-4084-B458-AE29DAC84538"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-458xx/CVE-2023-45884.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45884",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T17:15:08.853",
"lastModified": "2023-11-09T19:32:04.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:37:06.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en NASA Open MCT (tambi\u00e9n conocido como openmct) hasta 3.1.0 permite a los atacantes ver informaci\u00f3n confidencial a trav\u00e9s del complemento flexibleLayout."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nasa:openmct:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "330735C6-BFF9-4A63-B4A1-FDE2CF8A7843"
}
]
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-458xx/CVE-2023-45885.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45885",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T17:15:08.903",
"lastModified": "2023-11-09T19:32:04.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:36:48.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en NASA Open MCT (tambi\u00e9n conocido como openmct) hasta 3.1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la nueva funci\u00f3n de componente en el complemento flexibleLayout."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nasa:openmct:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "330735C6-BFF9-4A63-B4A1-FDE2CF8A7843"
}
]
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-466xx/CVE-2023-46621.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-46621",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.470",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:35:21.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <=\u00a01.4.11 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento EEnej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar en versiones &lt;= 1.4.11."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enejbajgoric\\/gagansandhu\\/ctltdev:user_avatar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.11",
"matchCriteriaId": "BC1B2790-E5D4-48FA-9BB5-16D5D5B8E916"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/user-avatar/wordpress-user-avatar-plugin-1-4-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-466xx/CVE-2023-46672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46672",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-15T08:15:07.907",
"lastModified": "2023-11-15T08:15:07.907",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

95
CVE-2023/CVE-2023-467xx/CVE-2023-46769.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-46769",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-11-08T03:15:07.870",
"lastModified": "2023-11-08T14:00:58.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:24:54.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability."
},
{
"lang": "es",
"value": "Vulnerabilidad Use-After-Free (UAF) en el m\u00f3dulo Dubai. La explotaci\u00f3n exitosa de esta vulnerabilidad afectar\u00e1 la disponibilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -23,14 +60,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/11/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

102
CVE-2023/CVE-2023-467xx/CVE-2023-46770.json
View File

@ -2,23 +2,115 @@
"id": "CVE-2023-46770",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-11-08T03:15:08.167",
"lastModified": "2023-11-08T14:00:58.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:23:08.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones."
},
{
"lang": "es",
"value": "Vulnerabilidad fuera de los l\u00edmites en el m\u00f3dulo del sensor. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar errores de prevenci\u00f3n de errores en los tel\u00e9fonos m\u00f3viles de los usuarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/11/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-468xx/CVE-2023-46851.json
View File

@ -2,18 +2,45 @@
"id": "CVE-2023-46851",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-07T09:15:07.313",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:13:57.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u00a0 Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\n\nThis issue affects Apache Allura from 1.0.1 through 1.15.0.\n\nUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u00a0 If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
},
{
"lang": "es",
"value": "La importaci\u00f3n de Allura Discussion y Allura Forum no restringe los valores de URL especificados en los archivos adjuntos. Los administradores de proyectos pueden ejecutar estas importaciones, lo que podr\u00eda hacer que Allura lea archivos locales y los exponga. La exposici\u00f3n de archivos internos puede dar lugar a otros exploits, como el secuestro de sesi\u00f3n o la ejecuci\u00f3n remota de c\u00f3digo. Este problema afecta a Apache Allura desde la versi\u00f3n 1.0.1 hasta la 1.15.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.16.0, que soluciona el problema. Si no puede actualizar, configure \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" en su archivo de configuraci\u00f3n .ini."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
@ -31,14 +58,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:allura:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.1",
"versionEndExcluding": "1.16.0",
"matchCriteriaId": "F215DB81-2592-4B04-9E76-5F69560CAD07"
}
]
}
]
}
],
"references": [
{
"url": "https://allura.apache.org/posts/2023-allura-1.16.0.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-468xx/CVE-2023-46894.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-46894",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T16:15:34.887",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:46:16.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm."
},
{
"lang": "es",
"value": "Un problema descubierto en esptool 4.6.2 permite a los atacantes ver informaci\u00f3n confidencial mediante un algoritmo criptogr\u00e1fico d\u00e9bil."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:espressif:esptool:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54405C4F-579C-43E5-B50E-AE8F473C7D49"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/espressif/esptool/issues/926",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

51
CVE-2023/CVE-2023-46xx/CVE-2023-4602.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-4602",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-15T13:15:07.250",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://drive.google.com/file/d/1wliD7YvLqL2xWnR6jLEnWgoWRKsv9dCI/view?usp=sharing",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2966178/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d014f512-9030-49ce-945d-4900594fb373?source=cve",
"source": "security@wordfence.com"
}
]
}

80
CVE-2023/CVE-2023-470xx/CVE-2023-47005.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-47005",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T01:15:07.830",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:47:21.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function."
},
{
"lang": "es",
"value": "Un problema en ASUS RT-AX57 v.3.0.0.4_386_52041 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al campo lan_ifname en la funci\u00f3n sub_ln 2C318."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ax57_firmware:3.0.0.4_386_52041:*:*:*:*:*:*:*",
"matchCriteriaId": "CF927E54-7CF1-4B15-9E2D-5D8F092925C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ax57:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CD96E3-1D92-412E-9B4A-D73B9544E4FE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/3/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-470xx/CVE-2023-47006.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-47006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T01:15:07.883",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:50:45.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function."
},
{
"lang": "es",
"value": "Un problema en ASUS RT-AX57 v.3.0.0.4_386_52041 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al campo lan_ipaddr en la funci\u00f3n sub_6FC74."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ax57_firmware:3.0.0.4_386_52041:*:*:*:*:*:*:*",
"matchCriteriaId": "CF927E54-7CF1-4B15-9E2D-5D8F092925C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ax57:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CD96E3-1D92-412E-9B4A-D73B9544E4FE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/1/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-470xx/CVE-2023-47007.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-47007",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T01:15:07.930",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:50:54.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function."
},
{
"lang": "es",
"value": "Un problema en ASUS RT-AX57 v.3.0.0.4_386_52041 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al campo lan_ifname en la funci\u00f3n sub_391B8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ax57_firmware:3.0.0.4_386_52041:*:*:*:*:*:*:*",
"matchCriteriaId": "CF927E54-7CF1-4B15-9E2D-5D8F092925C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ax57:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CD96E3-1D92-412E-9B4A-D73B9544E4FE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/2/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-470xx/CVE-2023-47008.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-47008",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T01:15:07.977",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:51:02.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function."
},
{
"lang": "es",
"value": "Un problema en ASUS RT-AX57 v.3.0.0.4_386_52041 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al campo ifname en la funci\u00f3n sub_4CCE4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ax57_firmware:3.0.0.4_386_52041:*:*:*:*:*:*:*",
"matchCriteriaId": "CF927E54-7CF1-4B15-9E2D-5D8F092925C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ax57:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CD96E3-1D92-412E-9B4A-D73B9544E4FE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/4/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-471xx/CVE-2023-47110.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47110",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-09T16:15:34.930",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:37:34.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4."
},
{
"lang": "es",
"value": "blockreassurance agrega un bloque de informaci\u00f3n destinado a ofrecer informaci\u00f3n \u00fatil para asegurar a los clientes que su tienda es confiable. Una funci\u00f3n ajax en el m\u00f3dulo blockreassurance permite modificar cualquier valor en la tabla de configuraci\u00f3n. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 5.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:customer_reassurance_block:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "5.1.4",
"matchCriteriaId": "B2227213-F29B-4017-8827-E0E3BC608ED0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-471xx/CVE-2023-47113.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47113",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T22:15:10.843",
"lastModified": "2023-11-09T13:46:19.893",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:53:18.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.\n"
},
{
"lang": "es",
"value": "BleachBit limpia archivos para liberar espacio en el disco y mantener la privacidad. BleachBit para Windows hasta la versi\u00f3n 4.4.2 es afectada por una vulnerabilidad de DLL Hijacking. Al colocar una DLL en la carpeta c:\\DLLs, un atacante puede ejecutar c\u00f3digo arbitrario en cada ejecuci\u00f3n de BleachBit para Windows. Este problema se solucion\u00f3 en la versi\u00f3n 4.5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bleachbit:bleachbit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.4.2",
"matchCriteriaId": "A5DDC144-B02C-4A1D-B4A8-7DB844F2D1D8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-474xx/CVE-2023-47445.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47445",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T06:15:27.943",
"lastModified": "2023-11-15T06:15:27.943",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page."
},
{
"lang": "es",
"value": "Pre-School Enrollment versi\u00f3n 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de nombre de usuario en la p\u00e1gina preschool/admin/."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-474xx/CVE-2023-47446.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47446",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-15T06:15:27.990",
"lastModified": "2023-11-15T06:15:27.990",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter."
},
{
"lang": "es",
"value": "Pre-School Enrollment versi\u00f3n 1.0 es vulnerable a Cross Site Scripting (XSS) en la p\u00e1gina profile.php a trav\u00e9s del par\u00e1metro de nombre completo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47580.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47580",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.030",
"lastModified": "2023-11-15T06:15:28.030",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.\r\n"
},
{
"lang": "es",
"value": "Existen m\u00faltiples problemas de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en TELLUS V4.0.17.0 y anteriores y TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47581.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47581",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.080",
"lastModified": "2023-11-15T06:15:28.080",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en TELLUS V4.0.17.0 y anteriores y en TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47582.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47582",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.127",
"lastModified": "2023-11-15T06:15:28.127",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed."
},
{
"lang": "es",
"value": "El acceso a la vulnerabilidad de puntero no inicializado existe en TELLUS V4.0.17.0 y anteriores y en TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47583.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47583",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.170",
"lastModified": "2023-11-15T06:15:28.170",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de lectura fuera de los l\u00edmites en TELLUS Simulator V4.0.17.0 y versiones anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47584.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47584",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.213",
"lastModified": "2023-11-15T06:15:28.213",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.\r\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en V-Server V4.0.18.0 y anteriores y en V-Server Lite V4.0.18.0 y anteriores. Si un usuario abre un archivo VPR especialmente manipulado, se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47585.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47585",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.260",
"lastModified": "2023-11-15T06:15:28.260",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites existe en V-Server V4.0.18.0 y anteriores y en V-Server Lite V4.0.18.0 y anteriores. Si un usuario abre un archivo VPR especialmente manipulado, se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-475xx/CVE-2023-47586.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47586",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T06:15:28.303",
"lastModified": "2023-11-15T06:15:28.303",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de desbordamiento del b\u00fafer en V-Server V4.0.18.0 y anteriores y V-Server Lite V4.0.18.0 y anteriores. Si un usuario abre un archivo VPR especialmente manipulado, se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-48xx/CVE-2023-4889.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4889",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-15T07:15:14.580",
"lastModified": "2023-11-15T07:15:14.580",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Shareaholic para WordPress es vulnerable a Cross-Site Scripting Almacenado en el shortcode 'shareaholic' en versiones hasta la 9.7.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

70
CVE-2023/CVE-2023-50xx/CVE-2023-5076.json
View File

@ -2,18 +2,42 @@
"id": "CVE-2023-5076",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-07T08:15:24.313",
"lastModified": "2023-11-07T12:14:36.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T13:54:34.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Ziteboard Online Whiteboard para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'ziteboard' en versiones hasta la 2.9.9 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ziteboard:ziteboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.9",
"matchCriteriaId": "AE87B671-ABB0-4CC6-B287-68B9B6A50767"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2988896/ziteboard-online-whiteboard",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5608f50-e17a-471f-b644-dceb64d82f0c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
"lastModified": "2023-10-24T13:34:22.990",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-15T14:15:07.503",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-10-02",
"cisaActionDue": "2023-10-23",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -557,6 +557,10 @@
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213961",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://twitter.com/maddiestone/status/1707163313711497266",
"source": "chrome-cve-admin@google.com",

59
CVE-2023/CVE-2023-52xx/CVE-2023-5245.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5245",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-11-15T13:15:07.457",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.\n\nWhen creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().\n\nArbitrary file creation can directly lead to code execution\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "reefs@jfrog.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "reefs@jfrog.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/combust/mleap/pull/866#issuecomment-1738032225",
"source": "reefs@jfrog.com"
},
{
"url": "https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/",
"source": "reefs@jfrog.com"
}
]
}

100
CVE-2023/CVE-2023-55xx/CVE-2023-5541.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5541",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-11-09T20:15:09.283",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:36:26.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content."
},
{
"lang": "es",
"value": "El m\u00e9todo de importaci\u00f3n de calificaciones CSV conten\u00eda un riesgo XSS para los usuarios que importaban la hoja de c\u00e1lculo, si conten\u00eda contenido no seguro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,18 +80,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.24",
"matchCriteriaId": "B4F617E2-A462-4502-895E-136F1ECA1DC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.17",
"matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.6",
"matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
}
]
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451582",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
}
]
}

145
CVE-2023/CVE-2023-55xx/CVE-2023-5544.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5544",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-11-09T20:15:09.660",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:36:11.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk."
},
{
"lang": "es",
"value": "Los comentarios de Wiki requirieron restricciones de acceso y sanitizaci\u00f3n adicionales para evitar un riesgo XSS almacenado y un riesgo potencial de IDOR."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,18 +84,115 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.24",
"matchCriteriaId": "B4F617E2-A462-4502-895E-136F1ECA1DC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.17",
"matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.6",
"matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451585",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

126
CVE-2023/CVE-2023-55xx/CVE-2023-5546.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5546",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-11-09T20:15:10.030",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:35:48.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk."
},
{
"lang": "es",
"value": "Los n\u00fameros de identificaci\u00f3n que se muestran en el informe de calificaci\u00f3n del cuestionario requirieron una sanitizaci\u00f3n adicional para evitar un riesgo de XSS almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,18 +80,100 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.6",
"matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451587",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
}
]
}

140
CVE-2023/CVE-2023-55xx/CVE-2023-5547.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5547",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-11-09T20:15:10.210",
"lastModified": "2023-11-09T20:51:06.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-15T14:18:41.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The course upload preview contained an XSS risk for users uploading unsafe data."
},
{
"lang": "es",
"value": "La vista previa de la carga del curso conten\u00eda un riesgo XSS para los usuarios que cargaban datos no seguros."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,18 +80,114 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.24",
"matchCriteriaId": "B4F617E2-A462-4502-895E-136F1ECA1DC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.17",
"matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.11",
"matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.6",
"matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451588",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
}
]
}

59
CVE-2023/CVE-2023-56xx/CVE-2023-5676.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5676",
"sourceIdentifier": "emo@eclipse.org",
"published": "2023-11-15T14:15:07.683",
"lastModified": "2023-11-15T14:15:07.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-364"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-openj9/openj9/pull/18085",
"source": "emo@eclipse.org"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/13",
"source": "emo@eclipse.org"
}
]
}

59
CVE-2023/CVE-2023-57xx/CVE-2023-5720.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5720",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-15T14:15:07.900",
"lastModified": "2023-11-15T14:15:07.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-526"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5720",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700",
"source": "secalert@redhat.com"
}
]
}

30
CVE-2023/CVE-2023-57xx/CVE-2023-5760.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5760",
"sourceIdentifier": "security@nortonlifelock.com",
"published": "2023-11-08T17:15:07.993",
"lastModified": "2023-11-08T17:25:02.317",
"lastModified": "2023-11-15T13:15:07.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.\n\n"
},
{
"lang": "es",
"value": "Un error de tiempo de verificaci\u00f3n a tiempo de uso (TOCTOU) en el manejo de solicitudes IOCTL (control de entrada/salida). Este error de TOCTOU conduce a una vulnerabilidad de escritura fuera de los l\u00edmites que puede explotarse a\u00fan m\u00e1s, permitiendo a un atacante obtener una escalada de privilegios local completa en el sistema. Este problema afecta a Avast/Avg Antivirus: 23.8."
}
],
"metrics": {
@ -17,20 +21,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "PHYSICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 0.0
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},

8
CVE-2023/CVE-2023-59xx/CVE-2023-5984.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5984",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.043",
"lastModified": "2023-11-15T04:15:19.043",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:26.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow\nmodified firmware to be uploaded when an authorized admin user begins a firmware update\nprocedure.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-494: Descarga de C\u00f3digo Sin Verificaci\u00f3n de Integridad que podr\u00eda permitir que se cargue firmware modificado cuando un usuario administrador autorizado comienza un procedimiento de actualizaci\u00f3n de firmware."
}
],
"metrics": {

8
CVE-2023/CVE-2023-59xx/CVE-2023-5985.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5985",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.290",
"lastModified": "2023-11-15T04:15:19.290",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:26.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability\nexists that could cause compromise of a user\u2019s browser when an attacker with admin privileges\nhas modified system values.\n\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-79: Neutralizaci\u00f3n Inadecuada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web que podr\u00eda comprometer el navegador de un usuario cuando un atacante con privilegios de administrador ha modificado los valores del sistema."
}
],
"metrics": {

8
CVE-2023/CVE-2023-59xx/CVE-2023-5986.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5986",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.487",
"lastModified": "2023-11-15T04:15:19.487",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:26.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-601: Redireccionamiento de URL a un Sitio que No es de Confianza que podr\u00eda causar una vulnerabilidad de openredirect que conduzca a un ataque de cross site scripting. Al proporcionar una entrada codificada en URL, los atacantes pueden hacer que la aplicaci\u00f3n web del software se redirija al dominio elegido despu\u00e9s de iniciar sesi\u00f3n correctamente."
}
],
"metrics": {

8
CVE-2023/CVE-2023-59xx/CVE-2023-5987.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5987",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.700",
"lastModified": "2023-11-15T04:15:19.700",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)\nvulnerability that could cause a vulnerability leading to a cross site scripting condition where\nattackers can have a victim\u2019s browser run arbitrary JavaScript when they visit a page containing\nthe injected payload.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad CWE-79: Neutralizaci\u00f3n Inadecuada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web (Cross-site Scripting) que podr\u00eda causar una vulnerabilidad que conduzca a una condici\u00f3n de Cross-Site Scripting donde los atacantes pueden hacer que el navegador de la v\u00edctima ejecute JavaScript arbitrario cuando visitan una p\u00e1gina que contiene un payload inyectado."
}
],
"metrics": {

8
CVE-2023/CVE-2023-60xx/CVE-2023-6032.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6032",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-11-15T04:15:19.890",
"lastModified": "2023-11-15T04:15:19.890",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nvulnerability exists that could cause a file system enumeration and file download when an\nattacker navigates to the Network Management Card via HTTPS.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-22: Limitaci\u00f3n Inadecuada de un Nombre de Ruta a un Directorio Restringido (\"Path Traversal\") que podr\u00eda causar una enumeraci\u00f3n del sistema de archivos y una descarga de archivos cuando un atacante navega a la Tarjeta de Administraci\u00f3n de Red a trav\u00e9s de HTTPS."
}
],
"metrics": {

8
CVE-2023/CVE-2023-61xx/CVE-2023-6133.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6133",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-15T07:15:14.837",
"lastModified": "2023-11-15T07:15:14.837",
"vulnStatus": "Received",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed."
},
{
"lang": "es",
"value": "El complemento Forminator para WordPress es vulnerable a la carga de archivos arbitrarios debido a una lista negra insuficiente en la funci\u00f3n 'forminator_allowed_mime_types' en versiones hasta la 1.27.0 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de administrador o superiores carguen archivos arbitrarios en el servidor del sitio afectado, pero debido a la configuraci\u00f3n de htaccess, el c\u00f3digo remoto no se puede ejecutar."
}
],
"metrics": {

42
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-15T13:00:18.696103+00:00
2023-11-15T15:00:18.583038+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-15T12:15:06.860000+00:00
2023-11-15T14:53:18.283000+00:00
```
### Last Data Feed Release
@ -29,22 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230843
230847
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `4`
* [CVE-2023-23549](CVE-2023/CVE-2023-235xx/CVE-2023-23549.json) (`2023-11-15T11:15:08.173`)
* [CVE-2023-4602](CVE-2023/CVE-2023-46xx/CVE-2023-4602.json) (`2023-11-15T13:15:07.250`)
* [CVE-2023-5245](CVE-2023/CVE-2023-52xx/CVE-2023-5245.json) (`2023-11-15T13:15:07.457`)
* [CVE-2023-5676](CVE-2023/CVE-2023-56xx/CVE-2023-5676.json) (`2023-11-15T14:15:07.683`)
* [CVE-2023-5720](CVE-2023/CVE-2023-57xx/CVE-2023-5720.json) (`2023-11-15T14:15:07.900`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `53`
* [CVE-2023-36041](CVE-2023/CVE-2023-360xx/CVE-2023-36041.json) (`2023-11-15T11:15:08.840`)
* [CVE-2023-4522](CVE-2023/CVE-2023-45xx/CVE-2023-4522.json) (`2023-11-15T12:15:06.860`)
* [CVE-2023-23549](CVE-2023/CVE-2023-235xx/CVE-2023-23549.json) (`2023-11-15T13:54:23.007`)
* [CVE-2023-5984](CVE-2023/CVE-2023-59xx/CVE-2023-5984.json) (`2023-11-15T13:54:26.693`)
* [CVE-2023-5985](CVE-2023/CVE-2023-59xx/CVE-2023-5985.json) (`2023-11-15T13:54:26.693`)
* [CVE-2023-5986](CVE-2023/CVE-2023-59xx/CVE-2023-5986.json) (`2023-11-15T13:54:26.693`)
* [CVE-2023-5076](CVE-2023/CVE-2023-50xx/CVE-2023-5076.json) (`2023-11-15T13:54:34.067`)
* [CVE-2023-46851](CVE-2023/CVE-2023-468xx/CVE-2023-46851.json) (`2023-11-15T14:13:57.780`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-11-15T14:15:07.503`)
* [CVE-2023-5547](CVE-2023/CVE-2023-55xx/CVE-2023-5547.json) (`2023-11-15T14:18:41.997`)
* [CVE-2023-46770](CVE-2023/CVE-2023-467xx/CVE-2023-46770.json) (`2023-11-15T14:23:08.100`)
* [CVE-2023-46769](CVE-2023/CVE-2023-467xx/CVE-2023-46769.json) (`2023-11-15T14:24:54.563`)
* [CVE-2023-46621](CVE-2023/CVE-2023-466xx/CVE-2023-46621.json) (`2023-11-15T14:35:21.467`)
* [CVE-2023-5546](CVE-2023/CVE-2023-55xx/CVE-2023-5546.json) (`2023-11-15T14:35:48.060`)
* [CVE-2023-5544](CVE-2023/CVE-2023-55xx/CVE-2023-5544.json) (`2023-11-15T14:36:11.500`)
* [CVE-2023-5541](CVE-2023/CVE-2023-55xx/CVE-2023-5541.json) (`2023-11-15T14:36:26.630`)
* [CVE-2023-45885](CVE-2023/CVE-2023-458xx/CVE-2023-45885.json) (`2023-11-15T14:36:48.170`)
* [CVE-2023-45884](CVE-2023/CVE-2023-458xx/CVE-2023-45884.json) (`2023-11-15T14:37:06.537`)
* [CVE-2023-47110](CVE-2023/CVE-2023-471xx/CVE-2023-47110.json) (`2023-11-15T14:37:34.793`)
* [CVE-2023-46894](CVE-2023/CVE-2023-468xx/CVE-2023-46894.json) (`2023-11-15T14:46:16.237`)
* [CVE-2023-47005](CVE-2023/CVE-2023-470xx/CVE-2023-47005.json) (`2023-11-15T14:47:21.770`)
* [CVE-2023-47006](CVE-2023/CVE-2023-470xx/CVE-2023-47006.json) (`2023-11-15T14:50:45.430`)
* [CVE-2023-47007](CVE-2023/CVE-2023-470xx/CVE-2023-47007.json) (`2023-11-15T14:50:54.003`)
* [CVE-2023-47008](CVE-2023/CVE-2023-470xx/CVE-2023-47008.json) (`2023-11-15T14:51:02.770`)
* [CVE-2023-25994](CVE-2023/CVE-2023-259xx/CVE-2023-25994.json) (`2023-11-15T14:51:20.637`)
* [CVE-2023-36688](CVE-2023/CVE-2023-366xx/CVE-2023-36688.json) (`2023-11-15T14:51:37.527`)
* [CVE-2023-47113](CVE-2023/CVE-2023-471xx/CVE-2023-47113.json) (`2023-11-15T14:53:18.283`)
## Download and Usage