admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-29T05:00:25.688072+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-29 05:00:29 +00:00
parent 2cf8e8674d
commit ee670a5de9
90 changed files with 2881 additions and 183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2022/CVE-2022-363xx/CVE-2022-36399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36399",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-28T22:15:45.150",
"lastModified": "2023-12-28T22:15:45.150",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2022/CVE-2022-453xx/CVE-2022-45377.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-45377",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T13:15:08.330",
"lastModified": "2023-12-21T13:22:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:46:35.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos con tipo peligroso sin restricciones en Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. Este problema afecta a Drag and Drop Multiple File Upload for WooCommerce: desde n/a hasta 1.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.9",
"matchCriteriaId": "6D451285-A95F-4518-81C5-D8C9865E83B0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-for-woocommerce/wordpress-drag-and-drop-multiple-file-upload-for-woocommerce-plugin-1-0-8-multiple-vulnerabilities?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23424.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23424",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:08.843",
"lastModified": "2023-12-29T03:15:08.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause code execution\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23424/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23426.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23426",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.040",
"lastModified": "2023-12-29T03:15:09.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23426/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

55
CVE-2023/CVE-2023-234xx/CVE-2023-23427.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23427",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.203",
"lastModified": "2023-12-29T03:15:09.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23427/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

55
CVE-2023/CVE-2023-234xx/CVE-2023-23428.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23428",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.403",
"lastModified": "2023-12-29T03:15:09.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23428/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

55
CVE-2023/CVE-2023-234xx/CVE-2023-23429.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23429",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.600",
"lastModified": "2023-12-29T03:15:09.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23429/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

55
CVE-2023/CVE-2023-234xx/CVE-2023-23430.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23430",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:09.813",
"lastModified": "2023-12-29T03:15:09.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23430/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

4
CVE-2023/CVE-2023-234xx/CVE-2023-23431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23431",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T02:15:43.803",
"lastModified": "2023-12-29T02:15:43.803",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-234xx/CVE-2023-23432.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23432",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T02:15:44.063",
"lastModified": "2023-12-29T02:15:44.063",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-234xx/CVE-2023-23433.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23433",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T02:15:44.253",
"lastModified": "2023-12-29T02:15:44.253",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-234xx/CVE-2023-23434.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23434",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T02:15:44.437",
"lastModified": "2023-12-29T02:15:44.437",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-234xx/CVE-2023-23435.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23435",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T02:15:44.597",
"lastModified": "2023-12-29T02:15:44.597",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-234xx/CVE-2023-23436.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23436",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T02:15:44.783",
"lastModified": "2023-12-29T02:15:44.783",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

43
CVE-2023/CVE-2023-234xx/CVE-2023-23437.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23437",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.020",
"lastModified": "2023-12-29T03:15:10.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23437/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23438.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23438",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.190",
"lastModified": "2023-12-29T03:15:10.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23438/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23439.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23439",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.353",
"lastModified": "2023-12-29T03:15:10.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23439/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23440.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23440",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.520",
"lastModified": "2023-12-29T03:15:10.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23440/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23441.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23441",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:08.547",
"lastModified": "2023-12-29T04:15:08.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23441/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23442.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23442",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:08.717",
"lastModified": "2023-12-29T04:15:08.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23442/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-234xx/CVE-2023-23443.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23443",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:08.883",
"lastModified": "2023-12-29T04:15:08.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23443/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

51
CVE-2023/CVE-2023-24xx/CVE-2023-2487.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2487",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T14:15:07.750",
"lastModified": "2023-12-21T18:15:45.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:33:34.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Smackcoders Export All Posts, Products, Orders, Refunds & Users. Este problema afecta a Export All Posts, Products, Orders, Refunds & Users: desde n/a hasta 2.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smackcoders:export_all_posts\\,_products\\,_orders\\,_refunds_\\&_users:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.1",
"matchCriteriaId": "E590B061-AA0A-4478-ABCB-25293717C9A8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-284xx/CVE-2023-28421.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28421",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T14:15:07.370",
"lastModified": "2023-12-21T18:15:45.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:33:41.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin \u2013 WP Email Capture.This issue affects WordPress Email Marketing Plugin \u2013 WP Email Capture: from n/a through 3.10.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Winwar Media WordPress Email Marketing Plugin \u2013 WP Email Capture. Este problema afecta a WordPress Email Marketing Plugin \u2013 WP Email Capture: desde n/a hasta 3.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:winwar:wp_email_capture:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.11",
"matchCriteriaId": "4E4D5817-69A9-422D-90EC-CC14E798C70F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-email-capture/wordpress-wp-email-capture-plugin-3-10-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-312xx/CVE-2023-31292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31292",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T02:15:44.983",
"lastModified": "2023-12-29T02:15:44.983",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-312xx/CVE-2023-31293.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T03:15:10.690",
"lastModified": "2023-12-29T03:15:10.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0061/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-312xx/CVE-2023-31294.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31294",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T03:15:10.740",
"lastModified": "2023-12-29T03:15:10.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0052/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-312xx/CVE-2023-31296.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31296",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T04:15:09.053",
"lastModified": "2023-12-29T04:15:09.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0054/",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-312xx/CVE-2023-31298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T02:15:45.037",
"lastModified": "2023-12-29T02:15:45.037",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-313xx/CVE-2023-31301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T02:15:45.080",
"lastModified": "2023-12-29T02:15:45.080",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2023/CVE-2023-322xx/CVE-2023-32242.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32242",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T13:15:08.710",
"lastModified": "2023-12-21T13:22:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:34:38.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en xtemos WoodMart - Multipurpose WooCommerce Theme. Este problema afecta a WoodMart - Multipurpose WooCommerce Theme: desde n/a hasta 1.0.36."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.37",
"matchCriteriaId": "8FC48A9E-D528-4743-9B01-D4134C1016FC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45120",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T17:15:08.153",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:18:26.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'qid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'qid' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

58
CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-45121",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T17:15:08.440",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:18:17.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'desc' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'desc' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/argerich/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

10
CVE-2023/CVE-2023-467xx/CVE-2023-46724.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46724",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-01T20:15:08.800",
"lastModified": "2023-12-08T19:15:07.787",
"lastModified": "2023-12-29T03:15:10.793",
"vulnStatus": "Modified",
"descriptions": [
{
@ -146,6 +146,14 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/",
"source": "security-advisories@github.com"

10
CVE-2023/CVE-2023-467xx/CVE-2023-46728.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46728",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-06T18:15:08.637",
"lastModified": "2023-12-14T10:15:08.277",
"lastModified": "2023-12-29T03:15:10.917",
"vulnStatus": "Modified",
"descriptions": [
{
@ -103,6 +103,14 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"source": "security-advisories@github.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231214-0006/",
"source": "security-advisories@github.com"

93
CVE-2023/CVE-2023-472xx/CVE-2023-47267.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-19T22:15:08.060",
"lastModified": "2023-12-20T13:50:26.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:11:24.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,96 @@
"value": "Un problema descubierto en TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87 y Windows Enterprise VPN Client 6.87 permite a los atacantes obtener privilegios aumentados mediante cambios elaborados en el archivo asignado en memoria."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thegreenbow:windows_enterprise_certified_vpn:6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC69419-D075-4391-9D46-A904FA536C2C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thegreenbow:windows_standard_vpn:6.87:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7F671C-C042-4985-8C97-6D134C05423B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thegreenbow:windows_enterprise_vpn:6.87:*:*:*:*:*:*:*",
"matchCriteriaId": "65AE0381-D382-4FE5-89BA-DB66D7B39329"
}
]
}
]
}
],
"references": [
{
"url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-482xx/CVE-2023-48288.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48288",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T14:15:08.293",
"lastModified": "2023-12-21T18:15:45.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:27:57.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP.This issue affects WordPress Job Board and Recruitment Plugin \u2013 JobWP: from n/a through 2.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP. Este problema afecta a WordPress Job Board and Recruitment Plugin \u2013 JobWP: desde n/a hasta 2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hmplugin:jobwp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "C86EDF31-1063-441D-B6FB-FE4AD038F96E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jobwp/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-28T18:26:43.827",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T03:15:11.033",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -1540,6 +1540,14 @@
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"source": "cve@mitre.org",

61
CVE-2023/CVE-2023-491xx/CVE-2023-49162.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49162",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T14:15:08.773",
"lastModified": "2023-12-21T18:15:45.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:27:45.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n/a through 5.0.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en BigCommerce BigCommerce para WordPress. Este problema afecta a BigCommerce para WordPress: desde n/a hasta 5.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bigcommerce:bigcommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0.6",
"matchCriteriaId": "CC5B10C8-EABF-4F82-9FD4-7B8F51557876"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bigcommerce/wordpress-bigcommerce-for-wordpress-plugin-5-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-492xx/CVE-2023-49285.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49285",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.007",
"lastModified": "2023-12-08T17:30:27.670",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T03:15:11.340",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -133,6 +133,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"source": "security-advisories@github.com"
}
]
}

12
CVE-2023/CVE-2023-492xx/CVE-2023-49286.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49286",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.243",
"lastModified": "2023-12-08T17:30:06.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T03:15:11.453",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -127,6 +127,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"source": "security-advisories@github.com"
}
]
}

12
CVE-2023/CVE-2023-492xx/CVE-2023-49288.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49288",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.477",
"lastModified": "2023-12-08T17:29:23.270",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T03:15:11.580",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -96,6 +96,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"source": "security-advisories@github.com"
}
]
}

51
CVE-2023/CVE-2023-497xx/CVE-2023-49762.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49762",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T13:15:08.990",
"lastModified": "2023-12-21T13:22:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:47:20.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite \u2013 Create an app with the Best Mobile App Builder.This issue affects AppMySite \u2013 Create an app with the Best Mobile App Builder: from n/a through 3.11.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en AppMySite AppMySite \u2013 Create an app with the Best Mobile App Builder. Este problema afecta a AppMySite \u2013 Create an app with the Best Mobile App Builder: desde n/a hasta 3.11.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appmysite:appmysite:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.11.0",
"matchCriteriaId": "0477D207-DF11-43D8-B358-556863A3E89B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/appmysite/wordpress-appmysite-create-an-app-with-the-best-mobile-app-builder-plugin-3-10-0-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-497xx/CVE-2023-49778.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T13:15:09.287",
"lastModified": "2023-12-21T13:22:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:34:00.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Hakan Demiray Sayfa Sayac. Este problema afecta a Sayfa Sayac: desde n/a hasta 2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dmry:sayfa_sayac:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6",
"matchCriteriaId": "8A210805-2BE4-4FFC-A0FC-E2F291D2398D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-498xx/CVE-2023-49826.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49826",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T13:15:09.557",
"lastModified": "2023-12-21T13:22:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:27:14.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. Este problema afecta a Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: desde n/a hasta 8.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pencidesign:soledad:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.4.2",
"matchCriteriaId": "B180026A-9BBA-413D-943C-C3F5F932299A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-501xx/CVE-2023-50104.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50104",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T00:15:50.233",
"lastModified": "2023-12-29T00:15:50.233",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

12
CVE-2023/CVE-2023-502xx/CVE-2023-50269.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50269",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.070",
"lastModified": "2023-12-27T19:02:49.040",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-29T03:15:11.727",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -172,6 +172,14 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-504xx/CVE-2023-50448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50448",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T23:15:43.500",
"lastModified": "2023-12-28T23:15:43.500",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

70
CVE-2023/CVE-2023-504xx/CVE-2023-50473.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50473",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T11:15:08.300",
"lastModified": "2023-12-21T13:22:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:13:42.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,18 +11,76 @@
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en bill-ahmed qbit-matUI versi\u00f3n 1.16.4, permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de identificadores de sesi\u00f3n fijos (SID) en el archivo index.js."
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en bill-ahmed qbit-matUI versi\u00f3n 1.16.4 permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de identificadores de sesi\u00f3n fijos (SID) en el archivo index.js."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:billahmed:qbit_matui:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5C49AEFE-02A9-43F6-8D34-A7A6A974223A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bill-ahmed/qbit-matUI/issues/207",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50473.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50823.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50823",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:11.187",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T04:10:31.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Wipeout Media CSS & JavaScript Toolbox permite XSS almacenado. Este problema afecta a CSS & JavaScript Toolbox: desde n/a hasta 11.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wipeoutmedia:css_\\&_javascript_toolbox:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "11.7",
"matchCriteriaId": "84C49F17-FD4D-4AB2-B119-8BCB63A2BBFE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50824.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50824",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:11.487",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T04:10:48.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Brian Batt Insert or Embed Articulate Content into WordPress permite XSS almacenado. Este problema afecta a Insert or Embed Articulate Content into WordPress: desde n/a hasta 4.3000000021."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3000000021",
"matchCriteriaId": "EF54E362-ABB8-4B55-BD88-E59D1EAC2F4E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/insert-or-embed-articulate-content-into-wordpress/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-508xx/CVE-2023-50828.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50828",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T15:15:12.990",
"lastModified": "2023-12-21T18:15:38.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T04:26:35.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard \u2013 Custom WordPress Dashboard: from n/a through 3.7.11.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard permite XSS almacenado. Este problema afecta a Ultimate Dashboard \u2013 Custom WordPress Dashboard: desde n/a hasta 3.7.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidvongries:ultimate_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.11",
"matchCriteriaId": "7B117D0B-236C-4B5D-A2CD-E0C73A79E239"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-dashboard/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50829.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50829",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T18:15:07.477",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:25:31.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aerin Loan Repayment Calculator and Application Form permite XSS almacenado. Este problema afecta a Loan Repayment Calculator and Application Form: desde n/a hasta 2.9.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quick-plugins:loan_repayment_calculator_and_application_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.3",
"matchCriteriaId": "95C9777F-68AF-474E-809D-6C1400791B14"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quick-interest-slider/wordpress-loan-repayment-calculator-and-application-form-plugin-2-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-508xx/CVE-2023-50830.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T18:15:07.797",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:26:55.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS.This issue affects Seos Contact Form: from n/a through 1.8.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Seosbg Seos Contact Form permite XSS almacenado. Este problema afecta a Seos Contact Form: desde n/a hasta 1.8.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seosthemes:seos_contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.0",
"matchCriteriaId": "9831CB94-C398-4557-8912-14C0EC0FDE1D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/seos-contact-form/wordpress-seos-contact-form-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-508xx/CVE-2023-50831.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50831",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-21T18:15:08.050",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:48:39.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY \u2013 Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY \u2013 Multi Currency for WooCommerce: from n/a through 2.2.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en VillaTheme CURCY \u2013 Multi Currency for WooCommerce permite XSS almacenado. Este problema afecta a CURCY \u2013 Multi Currency for WooCommerce: desde n/a hasta 2.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:villatheme:curcy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.0",
"matchCriteriaId": "B7F9722A-1506-41CC-AC9D-91D70D530BF8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-multi-currency/wordpress-curcy-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-510xx/CVE-2023-51051.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-51051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.110",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:47:42.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_textauth en /admin/ajax.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}

67
CVE-2023/CVE-2023-510xx/CVE-2023-51052.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-51052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.220",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-29T03:47:49.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_formauth en /admin/ajax.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51426.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51426",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.100",
"lastModified": "2023-12-29T04:15:09.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51426/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51427.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51427",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.300",
"lastModified": "2023-12-29T04:15:09.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51427/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51428.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51428",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.503",
"lastModified": "2023-12-29T04:15:09.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51428/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51429.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51429",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.690",
"lastModified": "2023-12-29T04:15:09.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51429/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51430.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51430",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:09.847",
"lastModified": "2023-12-29T04:15:09.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51430/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51431.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51431",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.010",
"lastModified": "2023-12-29T04:15:10.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51431/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51432.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51432",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.177",
"lastModified": "2023-12-29T04:15:10.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.5,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51432/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51433.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51433",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.343",
"lastModified": "2023-12-29T04:15:10.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51433/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51434.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51434",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.513",
"lastModified": "2023-12-29T04:15:10.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51434/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

43
CVE-2023/CVE-2023-514xx/CVE-2023-51435.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-51435",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.677",
"lastModified": "2023-12-29T04:15:10.677",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-51435/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

4
CVE-2023/CVE-2023-520xx/CVE-2023-52083.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52083",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-28T23:15:43.557",
"lastModified": "2023-12-28T23:15:43.557",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-520xx/CVE-2023-52084.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52084",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-28T23:15:43.777",
"lastModified": "2023-12-28T23:15:43.777",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-520xx/CVE-2023-52085.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52085",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-29T00:15:50.300",
"lastModified": "2023-12-29T00:15:50.300",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-521xx/CVE-2023-52152.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52152",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T23:15:44.197",
"lastModified": "2023-12-28T23:15:44.197",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-521xx/CVE-2023-52173.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52173",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T04:15:10.847",
"lastModified": "2023-12-29T04:15:10.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x54D%5D%2B3%7B%2B0~3%23460c%7D%20469.15d%20%40%20xnview.exe%2B0x3ADBD0.html",
"source": "cve@mitre.org"
},
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-521xx/CVE-2023-52174.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52174",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T04:15:10.893",
"lastModified": "2023-12-29T04:15:10.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html",
"source": "cve@mitre.org"
},
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016",
"source": "cve@mitre.org"
}
]
}

43
CVE-2023/CVE-2023-69xx/CVE-2023-6939.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-6939",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T04:15:10.937",
"lastModified": "2023-12-29T04:15:10.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-6939/",
"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"
}
]
}

4
CVE-2023/CVE-2023-71xx/CVE-2023-7135.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7135",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T21:15:07.897",
"lastModified": "2023-12-28T21:15:07.897",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7136",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T21:15:08.130",
"lastModified": "2023-12-28T21:15:08.130",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7137.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7137",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T22:15:45.373",
"lastModified": "2023-12-28T22:15:45.373",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7138.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7138",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T22:15:45.603",
"lastModified": "2023-12-28T22:15:45.603",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7139",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T23:15:44.263",
"lastModified": "2023-12-28T23:15:44.263",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7140.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7140",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T23:15:44.623",
"lastModified": "2023-12-28T23:15:44.623",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7141",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T00:15:50.517",
"lastModified": "2023-12-29T00:15:50.517",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7142.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7142",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T00:15:50.740",
"lastModified": "2023-12-29T00:15:50.740",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7143",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T01:15:43.917",
"lastModified": "2023-12-29T01:15:43.917",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7144.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7144",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T01:15:44.137",
"lastModified": "2023-12-29T01:15:44.137",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7145.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7145",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T02:15:45.180",
"lastModified": "2023-12-29T02:15:45.180",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7146.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7146",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T02:15:45.387",
"lastModified": "2023-12-29T02:15:45.387",
"vulnStatus": "Received",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2023/CVE-2023-71xx/CVE-2023-7147.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7147",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T03:15:11.847",
"lastModified": "2023-12-29T03:15:11.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/affd8cjn50HC",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249150",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249150",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-71xx/CVE-2023-7148.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7148",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T03:15:12.110",
"lastModified": "2023-12-29T03:15:12.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1ST3dD-iwUBgBNZ8tGaBbqVi1zRh5rLND/view",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249151",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249151",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-71xx/CVE-2023-7149.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7149",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T04:15:11.103",
"lastModified": "2023-12-29T04:15:11.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input \"><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/QR_Code_Generator/QR_Code_Generator-Reflected_Cross_Site_Scripting.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249153",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249153",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-71xx/CVE-2023-7150.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7150",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T04:15:11.333",
"lastModified": "2023-12-29T04:15:11.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability-",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249157",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249157",
"source": "cna@vuldb.com"
}
]
}

98
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-29T03:00:24.898739+00:00
2023-12-29T05:00:25.688072+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-29T02:56:36.643000+00:00
2023-12-29T04:26:35.477000+00:00
```
### Last Data Feed Release
@ -29,57 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234393
234426
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `33`
* [CVE-2023-7143](CVE-2023/CVE-2023-71xx/CVE-2023-7143.json) (`2023-12-29T01:15:43.917`)
* [CVE-2023-7144](CVE-2023/CVE-2023-71xx/CVE-2023-7144.json) (`2023-12-29T01:15:44.137`)
* [CVE-2023-23431](CVE-2023/CVE-2023-234xx/CVE-2023-23431.json) (`2023-12-29T02:15:43.803`)
* [CVE-2023-23432](CVE-2023/CVE-2023-234xx/CVE-2023-23432.json) (`2023-12-29T02:15:44.063`)
* [CVE-2023-23433](CVE-2023/CVE-2023-234xx/CVE-2023-23433.json) (`2023-12-29T02:15:44.253`)
* [CVE-2023-23434](CVE-2023/CVE-2023-234xx/CVE-2023-23434.json) (`2023-12-29T02:15:44.437`)
* [CVE-2023-23435](CVE-2023/CVE-2023-234xx/CVE-2023-23435.json) (`2023-12-29T02:15:44.597`)
* [CVE-2023-23436](CVE-2023/CVE-2023-234xx/CVE-2023-23436.json) (`2023-12-29T02:15:44.783`)
* [CVE-2023-31292](CVE-2023/CVE-2023-312xx/CVE-2023-31292.json) (`2023-12-29T02:15:44.983`)
* [CVE-2023-31298](CVE-2023/CVE-2023-312xx/CVE-2023-31298.json) (`2023-12-29T02:15:45.037`)
* [CVE-2023-31301](CVE-2023/CVE-2023-313xx/CVE-2023-31301.json) (`2023-12-29T02:15:45.080`)
* [CVE-2023-7145](CVE-2023/CVE-2023-71xx/CVE-2023-7145.json) (`2023-12-29T02:15:45.180`)
* [CVE-2023-7146](CVE-2023/CVE-2023-71xx/CVE-2023-7146.json) (`2023-12-29T02:15:45.387`)
* [CVE-2023-23439](CVE-2023/CVE-2023-234xx/CVE-2023-23439.json) (`2023-12-29T03:15:10.353`)
* [CVE-2023-23440](CVE-2023/CVE-2023-234xx/CVE-2023-23440.json) (`2023-12-29T03:15:10.520`)
* [CVE-2023-31293](CVE-2023/CVE-2023-312xx/CVE-2023-31293.json) (`2023-12-29T03:15:10.690`)
* [CVE-2023-31294](CVE-2023/CVE-2023-312xx/CVE-2023-31294.json) (`2023-12-29T03:15:10.740`)
* [CVE-2023-7147](CVE-2023/CVE-2023-71xx/CVE-2023-7147.json) (`2023-12-29T03:15:11.847`)
* [CVE-2023-7148](CVE-2023/CVE-2023-71xx/CVE-2023-7148.json) (`2023-12-29T03:15:12.110`)
* [CVE-2023-23441](CVE-2023/CVE-2023-234xx/CVE-2023-23441.json) (`2023-12-29T04:15:08.547`)
* [CVE-2023-23442](CVE-2023/CVE-2023-234xx/CVE-2023-23442.json) (`2023-12-29T04:15:08.717`)
* [CVE-2023-23443](CVE-2023/CVE-2023-234xx/CVE-2023-23443.json) (`2023-12-29T04:15:08.883`)
* [CVE-2023-31296](CVE-2023/CVE-2023-312xx/CVE-2023-31296.json) (`2023-12-29T04:15:09.053`)
* [CVE-2023-51426](CVE-2023/CVE-2023-514xx/CVE-2023-51426.json) (`2023-12-29T04:15:09.100`)
* [CVE-2023-51427](CVE-2023/CVE-2023-514xx/CVE-2023-51427.json) (`2023-12-29T04:15:09.300`)
* [CVE-2023-51428](CVE-2023/CVE-2023-514xx/CVE-2023-51428.json) (`2023-12-29T04:15:09.503`)
* [CVE-2023-51429](CVE-2023/CVE-2023-514xx/CVE-2023-51429.json) (`2023-12-29T04:15:09.690`)
* [CVE-2023-51430](CVE-2023/CVE-2023-514xx/CVE-2023-51430.json) (`2023-12-29T04:15:09.847`)
* [CVE-2023-51431](CVE-2023/CVE-2023-514xx/CVE-2023-51431.json) (`2023-12-29T04:15:10.010`)
* [CVE-2023-51432](CVE-2023/CVE-2023-514xx/CVE-2023-51432.json) (`2023-12-29T04:15:10.177`)
* [CVE-2023-51433](CVE-2023/CVE-2023-514xx/CVE-2023-51433.json) (`2023-12-29T04:15:10.343`)
* [CVE-2023-51434](CVE-2023/CVE-2023-514xx/CVE-2023-51434.json) (`2023-12-29T04:15:10.513`)
* [CVE-2023-51435](CVE-2023/CVE-2023-514xx/CVE-2023-51435.json) (`2023-12-29T04:15:10.677`)
* [CVE-2023-52173](CVE-2023/CVE-2023-521xx/CVE-2023-52173.json) (`2023-12-29T04:15:10.847`)
* [CVE-2023-52174](CVE-2023/CVE-2023-521xx/CVE-2023-52174.json) (`2023-12-29T04:15:10.893`)
* [CVE-2023-6939](CVE-2023/CVE-2023-69xx/CVE-2023-6939.json) (`2023-12-29T04:15:10.937`)
* [CVE-2023-7149](CVE-2023/CVE-2023-71xx/CVE-2023-7149.json) (`2023-12-29T04:15:11.103`)
* [CVE-2023-7150](CVE-2023/CVE-2023-71xx/CVE-2023-7150.json) (`2023-12-29T04:15:11.333`)
### CVEs modified in the last Commit
Recently modified CVEs: `33`
Recently modified CVEs: `56`
* [CVE-2021-28454](CVE-2021/CVE-2021-284xx/CVE-2021-28454.json) (`2023-12-29T01:15:39.943`)
* [CVE-2021-28456](CVE-2021/CVE-2021-284xx/CVE-2021-28456.json) (`2023-12-29T01:15:40.137`)
* [CVE-2021-28457](CVE-2021/CVE-2021-284xx/CVE-2021-28457.json) (`2023-12-29T01:15:40.310`)
* [CVE-2021-28458](CVE-2021/CVE-2021-284xx/CVE-2021-28458.json) (`2023-12-29T01:15:40.487`)
* [CVE-2021-28459](CVE-2021/CVE-2021-284xx/CVE-2021-28459.json) (`2023-12-29T01:15:40.660`)
* [CVE-2021-28460](CVE-2021/CVE-2021-284xx/CVE-2021-28460.json) (`2023-12-29T01:15:40.890`)
* [CVE-2021-28464](CVE-2021/CVE-2021-284xx/CVE-2021-28464.json) (`2023-12-29T01:15:41.093`)
* [CVE-2021-28466](CVE-2021/CVE-2021-284xx/CVE-2021-28466.json) (`2023-12-29T01:15:41.263`)
* [CVE-2021-28468](CVE-2021/CVE-2021-284xx/CVE-2021-28468.json) (`2023-12-29T01:15:41.433`)
* [CVE-2021-28469](CVE-2021/CVE-2021-284xx/CVE-2021-28469.json) (`2023-12-29T01:15:41.620`)
* [CVE-2021-28470](CVE-2021/CVE-2021-284xx/CVE-2021-28470.json) (`2023-12-29T01:15:41.797`)
* [CVE-2021-28471](CVE-2021/CVE-2021-284xx/CVE-2021-28471.json) (`2023-12-29T01:15:42.010`)
* [CVE-2021-28472](CVE-2021/CVE-2021-284xx/CVE-2021-28472.json) (`2023-12-29T01:15:42.177`)
* [CVE-2021-28473](CVE-2021/CVE-2021-284xx/CVE-2021-28473.json) (`2023-12-29T01:15:42.373`)
* [CVE-2021-28475](CVE-2021/CVE-2021-284xx/CVE-2021-28475.json) (`2023-12-29T01:15:42.540`)
* [CVE-2021-28477](CVE-2021/CVE-2021-284xx/CVE-2021-28477.json) (`2023-12-29T01:15:42.733`)
* [CVE-2021-28480](CVE-2021/CVE-2021-284xx/CVE-2021-28480.json) (`2023-12-29T01:15:42.943`)
* [CVE-2021-28481](CVE-2021/CVE-2021-284xx/CVE-2021-28481.json) (`2023-12-29T01:15:43.157`)
* [CVE-2021-28482](CVE-2021/CVE-2021-284xx/CVE-2021-28482.json) (`2023-12-29T01:15:43.337`)
* [CVE-2021-28483](CVE-2021/CVE-2021-284xx/CVE-2021-28483.json) (`2023-12-29T01:15:43.510`)
* [CVE-2023-43314](CVE-2023/CVE-2023-433xx/CVE-2023-43314.json) (`2023-12-29T01:15:43.687`)
* [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2023-12-29T02:15:45.130`)
* [CVE-2023-29486](CVE-2023/CVE-2023-294xx/CVE-2023-29486.json) (`2023-12-29T02:20:40.423`)
* [CVE-2023-29485](CVE-2023/CVE-2023-294xx/CVE-2023-29485.json) (`2023-12-29T02:21:17.843`)
* [CVE-2023-46624](CVE-2023/CVE-2023-466xx/CVE-2023-46624.json) (`2023-12-29T02:56:36.643`)
* [CVE-2023-46724](CVE-2023/CVE-2023-467xx/CVE-2023-46724.json) (`2023-12-29T03:15:10.793`)
* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-12-29T03:15:10.917`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-29T03:15:11.033`)
* [CVE-2023-49285](CVE-2023/CVE-2023-492xx/CVE-2023-49285.json) (`2023-12-29T03:15:11.340`)
* [CVE-2023-49286](CVE-2023/CVE-2023-492xx/CVE-2023-49286.json) (`2023-12-29T03:15:11.453`)
* [CVE-2023-49288](CVE-2023/CVE-2023-492xx/CVE-2023-49288.json) (`2023-12-29T03:15:11.580`)
* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2023-12-29T03:15:11.727`)
* [CVE-2023-45121](CVE-2023/CVE-2023-451xx/CVE-2023-45121.json) (`2023-12-29T03:18:17.760`)
* [CVE-2023-45120](CVE-2023/CVE-2023-451xx/CVE-2023-45120.json) (`2023-12-29T03:18:26.660`)
* [CVE-2023-50829](CVE-2023/CVE-2023-508xx/CVE-2023-50829.json) (`2023-12-29T03:25:31.847`)
* [CVE-2023-50830](CVE-2023/CVE-2023-508xx/CVE-2023-50830.json) (`2023-12-29T03:26:55.917`)
* [CVE-2023-49826](CVE-2023/CVE-2023-498xx/CVE-2023-49826.json) (`2023-12-29T03:27:14.887`)
* [CVE-2023-49162](CVE-2023/CVE-2023-491xx/CVE-2023-49162.json) (`2023-12-29T03:27:45.697`)
* [CVE-2023-48288](CVE-2023/CVE-2023-482xx/CVE-2023-48288.json) (`2023-12-29T03:27:57.107`)
* [CVE-2023-2487](CVE-2023/CVE-2023-24xx/CVE-2023-2487.json) (`2023-12-29T03:33:34.067`)
* [CVE-2023-28421](CVE-2023/CVE-2023-284xx/CVE-2023-28421.json) (`2023-12-29T03:33:41.567`)
* [CVE-2023-49778](CVE-2023/CVE-2023-497xx/CVE-2023-49778.json) (`2023-12-29T03:34:00.247`)
* [CVE-2023-32242](CVE-2023/CVE-2023-322xx/CVE-2023-32242.json) (`2023-12-29T03:34:38.427`)
* [CVE-2023-49762](CVE-2023/CVE-2023-497xx/CVE-2023-49762.json) (`2023-12-29T03:47:20.780`)
* [CVE-2023-51051](CVE-2023/CVE-2023-510xx/CVE-2023-51051.json) (`2023-12-29T03:47:42.610`)
* [CVE-2023-51052](CVE-2023/CVE-2023-510xx/CVE-2023-51052.json) (`2023-12-29T03:47:49.743`)
* [CVE-2023-50831](CVE-2023/CVE-2023-508xx/CVE-2023-50831.json) (`2023-12-29T03:48:39.267`)
* [CVE-2023-50823](CVE-2023/CVE-2023-508xx/CVE-2023-50823.json) (`2023-12-29T04:10:31.830`)
* [CVE-2023-50824](CVE-2023/CVE-2023-508xx/CVE-2023-50824.json) (`2023-12-29T04:10:48.907`)
* [CVE-2023-50828](CVE-2023/CVE-2023-508xx/CVE-2023-50828.json) (`2023-12-29T04:26:35.477`)
## Download and Usage