diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36399.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36399.json index c60c4310b74..82e80251eb6 100644 --- a/CVE-2022/CVE-2022-363xx/CVE-2022-36399.json +++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36399.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36399", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T22:15:45.150", - "lastModified": "2023-12-28T22:15:45.150", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45377.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45377.json index c305e910a03..783705f40a3 100644 --- a/CVE-2022/CVE-2022-453xx/CVE-2022-45377.json +++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45377.json 
@@ -2,16 +2,40 @@ "id": "CVE-2022-45377", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T13:15:08.330", - "lastModified": "2023-12-21T13:22:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:46:35.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de carga de archivos con tipo peligroso sin restricciones en Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. Este problema afecta a Drag and Drop Multiple File Upload for WooCommerce: desde n/a hasta 1.0.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.9", + "matchCriteriaId": "6D451285-A95F-4518-81C5-D8C9865E83B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-for-woocommerce/wordpress-drag-and-drop-multiple-file-upload-for-woocommerce-plugin-1-0-8-multiple-vulnerabilities?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23424.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23424.json new file mode 100644 index 00000000000..1539caf084c --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23424.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23424", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:08.843", + "lastModified": "2023-12-29T03:15:08.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause code execution\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23424/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23426.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23426.json new file mode 100644 index 00000000000..8499060371d --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23426.json 
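Review bot: The CVSS vector in the new CVE-2023-23424 record appears inconsistent with its own description: the text says successful exploitation could cause code execution, yet the vector records `C:N/I:L/A:L` with `"baseScore": 6.5`. The same kind of mismatch shows in the new records for CVE-2023-23439 (information leak described, vector `C:N/I:N/A:L`) and for CVE-2023-23442 and CVE-2023-23443 (information leak described, vector `C:N/I:L/A:L`). Each of these metrics is `"type": "Secondary"`, supplied by the same source as the description, and the records are still `"vulnStatus": "Received"`, so there is no `nvd@nist.gov` Primary metric to cross-check against. A mirror should carry the values as published, so the correction belongs at the source. Until these records reach `Analyzed`, anything that triages on `baseScore` from this feed should treat the scores as provisional and read the description alongside them.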
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23426", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:09.040", + "lastModified": "2023-12-29T03:15:09.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23426/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23427.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23427.json new file mode 100644 index 00000000000..4a347e3f145 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23427.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23427", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:09.203", + "lastModified": "2023-12-29T03:15:09.203", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23427/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23428.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23428.json new file mode 100644 index 00000000000..4693c2b0478 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23428.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23428", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:09.403", + "lastModified": "2023-12-29T03:15:09.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23428/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23429.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23429.json new file mode 100644 index 00000000000..31a7161bf71 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23429.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23429", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:09.600", + "lastModified": "2023-12-29T03:15:09.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23429/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23430.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23430.json new file mode 100644 index 00000000000..89468017462 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23430.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23430", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:09.813", + "lastModified": "2023-12-29T03:15:09.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23430/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json index 4ecfe614ba0..298f530aea2 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23431", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T02:15:43.803", - "lastModified": "2023-12-29T02:15:43.803", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json index 3816aa12296..a27d823db9a 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23432", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T02:15:44.063", - "lastModified": "2023-12-29T02:15:44.063", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json index dc374a3af35..d6f2eeb758d 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23433", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T02:15:44.253", - "lastModified": "2023-12-29T02:15:44.253", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json index ec80cbec1c0..acb18993a56 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23434", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T02:15:44.437", - "lastModified": "2023-12-29T02:15:44.437", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json index 83a8ec4762b..3ae96fe6055 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-23435", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T02:15:44.597", - "lastModified": "2023-12-29T02:15:44.597", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json index 715582c4f3d..3db84569fbd 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23436", "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2023-12-29T02:15:44.783", - "lastModified": "2023-12-29T02:15:44.783", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23437.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23437.json new file mode 100644 index 00000000000..307301620fd --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23437.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23437", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:10.020", + "lastModified": "2023-12-29T03:15:10.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23437/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23438.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23438.json new file mode 100644 index 00000000000..fbfd0311e2c --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23438.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23438", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:10.190", + "lastModified": "2023-12-29T03:15:10.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23438/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23439.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23439.json new file mode 100644 index 00000000000..4ab9c062f2c --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23439.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23439", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:10.353", + "lastModified": "2023-12-29T03:15:10.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23439/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23440.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23440.json new file mode 100644 index 00000000000..853f8ef01ab --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23440.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23440", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T03:15:10.520", + "lastModified": "2023-12-29T03:15:10.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23440/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23441.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23441.json new file mode 100644 index 00000000000..def0d02a254 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23441.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23441", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:08.547", + "lastModified": "2023-12-29T04:15:08.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23441/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23442.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23442.json new file mode 100644 index 00000000000..424e6643369 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23442.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23442", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:08.717", + "lastModified": "2023-12-29T04:15:08.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23442/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23443.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23443.json new file mode 100644 index 00000000000..ebb27c8cc27 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23443.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23443", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:08.883", + "lastModified": "2023-12-29T04:15:08.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23443/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2487.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2487.json index d50655768ce..d73dfda22f2 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2487.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2487.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-2487", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T14:15:07.750", - "lastModified": "2023-12-21T18:15:45.660", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:33:34.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Smackcoders Export All Posts, Products, Orders, Refunds & Users. Este problema afecta a Export All Posts, Products, Orders, Refunds & Users: desde n/a hasta 2.4.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smackcoders:export_all_posts\\,_products\\,_orders\\,_refunds_\\&_users:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.1", + "matchCriteriaId": "E590B061-AA0A-4478-ABCB-25293717C9A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28421.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28421.json index 5a15e91ada1..e3c1e6c6527 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28421.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28421.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-28421", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T14:15:07.370", - "lastModified": "2023-12-21T18:15:45.660", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:33:41.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin \u2013 WP Email Capture.This issue affects WordPress Email Marketing Plugin \u2013 WP Email Capture: from n/a through 3.10.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Winwar Media WordPress Email Marketing Plugin \u2013 WP Email Capture. Este problema afecta a WordPress Email Marketing Plugin \u2013 WP Email Capture: desde n/a hasta 3.10." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:winwar:wp_email_capture:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.11", + "matchCriteriaId": "4E4D5817-69A9-422D-90EC-CC14E798C70F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-email-capture/wordpress-wp-email-capture-plugin-3-10-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json index 52755f8ad67..50c4cb246ab 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31292", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-29T02:15:44.983", - "lastModified": "2023-12-29T02:15:44.983", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31293.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31293.json new file mode 100644 index 00000000000..fd1039adf32 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31293.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31293", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T03:15:10.690", + "lastModified": "2023-12-29T03:15:10.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0061/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31294.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31294.json new file mode 100644 index 00000000000..c4fbd116fc7 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31294.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31294", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T03:15:10.740", + "lastModified": "2023-12-29T03:15:10.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0052/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31296.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31296.json new file mode 100644 index 00000000000..a2dfeb9103d --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31296.json 
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-31296",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-29T04:15:09.053",
+ "lastModified": "2023-12-29T04:15:09.053",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0054/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json
index c60b1eb0f04..41375fe8a7b 100644
--- a/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-31298",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-29T02:15:45.037",
- "lastModified": "2023-12-29T02:15:45.037",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-29T03:13:44.413",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json b/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json
index f6a4a4e122a..8881731a469 100644
--- a/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json
+++ b/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-31301",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-29T02:15:45.080",
- "lastModified": "2023-12-29T02:15:45.080",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-29T03:13:44.413",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32242.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32242.json
index c6401a9ffc5..49239fc2dde 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32242.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32242.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-32242",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-21T13:15:08.710",
- "lastModified": "2023-12-21T13:22:15.910",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:34:38.427",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en xtemos WoodMart - Multipurpose WooCommerce Theme. Este problema afecta a WoodMart - Multipurpose WooCommerce Theme: desde n/a hasta 1.0.36."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.37",
+ "matchCriteriaId": "8FC48A9E-D528-4743-9B01-D4134C1016FC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
index 3fb3e4a0da7..b7419743e43 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-45120",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T17:15:08.153",
- "lastModified": "2023-12-21T18:15:28.593",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:18:26.660",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'qid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'qid' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "help@fluidattacks.com",
 "type": "Secondary",
@@ -46,14 +70,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://fluidattacks.com/advisories/argerich/",
- "source": "help@fluidattacks.com"
+ "source": "help@fluidattacks.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com"
+ "source": "help@fluidattacks.com",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
index 93b0e5127eb..b79fdb0a62c 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
@@ -2,19 +2,43 @@
 "id": "CVE-2023-45121",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T17:15:08.440",
- "lastModified": "2023-12-21T18:15:28.593",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:18:17.760",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'desc' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas. El par\u00e1metro 'desc' del recurso update.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "help@fluidattacks.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@@ -46,14 +70,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://fluidattacks.com/advisories/argerich/",
- "source": "help@fluidattacks.com"
+ "source": "help@fluidattacks.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com"
+ "source": "help@fluidattacks.com",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46724.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46724.json
index 6c1991c39bb..4bc5f509379 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46724.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46724.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-46724",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-01T20:15:08.800",
- "lastModified": "2023-12-08T19:15:07.787",
+ "lastModified": "2023-12-29T03:15:10.793",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -146,6 +146,14 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
+ "source": "security-advisories@github.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20231208-0001/",
 "source": "security-advisories@github.com"
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json
index 698682e1a40..dce9c60cb70 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-46728",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-06T18:15:08.637",
- "lastModified": "2023-12-14T10:15:08.277",
+ "lastModified": "2023-12-29T03:15:10.917",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -103,6 +103,14 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
+ "source": "security-advisories@github.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20231214-0006/",
 "source": "security-advisories@github.com"
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47267.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47267.json
index 007fc1407e6..5ec49c56774 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47267.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47267.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47267",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-19T22:15:08.060",
- "lastModified": "2023-12-20T13:50:26.727",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:11:24.070",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,96 @@
 "value": "Un problema descubierto en TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87 y Windows Enterprise VPN Client 6.87 permite a los atacantes obtener privilegios aumentados mediante cambios elaborados en el archivo asignado en memoria."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thegreenbow:windows_enterprise_certified_vpn:6.52:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC69419-D075-4391-9D46-A904FA536C2C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thegreenbow:windows_standard_vpn:6.87:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BE7F671C-C042-4985-8C97-6D134C05423B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thegreenbow:windows_enterprise_vpn:6.87:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65AE0381-D382-4FE5-89BA-DB66D7B39329"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48288.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48288.json
index 8c532acb8d2..23130e0a755 100644
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48288.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48288.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48288",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-21T14:15:08.293",
- "lastModified": "2023-12-21T18:15:45.660",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:27:57.107",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP.This issue affects WordPress Job Board and Recruitment Plugin \u2013 JobWP: from n/a through 2.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP. Este problema afecta a WordPress Job Board and Recruitment Plugin \u2013 JobWP: desde n/a hasta 2.1."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
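Review bot: The NVD `Primary` vector added for CVE-2023-47267 (`AV:N/AC:L/PR:N/UI:N`, `baseScore` 9.8) does not obviously match the description in the hunk's context lines, which speaks of gaining elevated privileges through crafted changes to a memory-mapped file and is classified here as `CWE-269`. That wording reads like an attacker who already has a foothold on the host, which would more usually be scored with `AV:L` and a non-`NONE` `privilegesRequired`; this is inferred from the description alone, not from the vendor advisory. The file mirrors upstream data, so the values should not be edited here. Consumers that prioritise on `baseScore` may want to treat the 9.8 as provisional and confirm the attack vector against the referenced `Vendor Advisory` before escalating.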
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hmplugin:jobwp:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.2",
+ "matchCriteriaId": "C86EDF31-1063-441D-B6FB-FE4AD038F96E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/jobwp/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
index c2d7c699cca..1bac9473248 100644
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48795",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-18T16:15:10.897",
- "lastModified": "2023-12-28T18:26:43.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-29T03:15:11.033",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -1540,6 +1540,14 @@
 "Mailing List"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49162.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49162.json
index 58d9712e9ce..616c5b12b6e 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49162.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49162.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-49162",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-21T14:15:08.773",
- "lastModified": "2023-12-21T18:15:45.660",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:27:45.697",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n/a through 5.0.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en BigCommerce BigCommerce para WordPress. Este problema afecta a BigCommerce para WordPress: desde n/a hasta 5.0.6."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bigcommerce:bigcommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.0.6",
+ "matchCriteriaId": "CC5B10C8-EABF-4F82-9FD4-7B8F51557876"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/bigcommerce/wordpress-bigcommerce-for-wordpress-plugin-5-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json
index 4c7690bf136..ea6c2de295d 100644
--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49285",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-04T23:15:27.007",
- "lastModified": "2023-12-08T17:30:27.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-29T03:15:11.340",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -133,6 +133,14 @@
 "tags": [
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json
index 27329ad1597..2ad56ca5399 100644
--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49286",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-04T23:15:27.243",
- "lastModified": "2023-12-08T17:30:06.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-29T03:15:11.453",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -127,6 +127,14 @@
 "tags": [
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json
index a8f2597b4a4..99a63c45473 100644
--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49288",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-04T23:15:27.477",
- "lastModified": "2023-12-08T17:29:23.270",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-29T03:15:11.580",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -96,6 +96,14 @@
 "tags": [
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49762.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49762.json
index 5107a91e305..98d1c33e142 100644
--- a/CVE-2023/CVE-2023-497xx/CVE-2023-49762.json
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49762.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-49762",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-21T13:15:08.990",
- "lastModified": "2023-12-21T13:22:15.910",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:47:20.780",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite \u2013 Create an app with the Best Mobile App Builder.This issue affects AppMySite \u2013 Create an app with the Best Mobile App Builder: from n/a through 3.11.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en AppMySite AppMySite \u2013 Create an app with the Best Mobile App Builder. Este problema afecta a AppMySite \u2013 Create an app with the Best Mobile App Builder: desde n/a hasta 3.11.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:appmysite:appmysite:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.11.0",
+ "matchCriteriaId": "0477D207-DF11-43D8-B358-556863A3E89B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/appmysite/wordpress-appmysite-create-an-app-with-the-best-mobile-app-builder-plugin-3-10-0-sensitive-data-exposure-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49778.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49778.json
index 893e060aa3e..7cae5adb44b 100644
--- a/CVE-2023/CVE-2023-497xx/CVE-2023-49778.json
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49778.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-49778",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-21T13:15:09.287",
- "lastModified": "2023-12-21T13:22:15.910",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:34:00.247",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Hakan Demiray Sayfa Sayac. Este problema afecta a Sayfa Sayac: desde n/a hasta 2.6."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dmry:sayfa_sayac:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.6",
+ "matchCriteriaId": "8A210805-2BE4-4FFC-A0FC-E2F291D2398D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49826.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49826.json
index bdafbfa22a1..804205d08c9 100644
--- a/CVE-2023/CVE-2023-498xx/CVE-2023-49826.json
+++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49826.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-49826",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-12-21T13:15:09.557",
- "lastModified": "2023-12-21T13:22:15.910",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:27:14.887",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. Este problema afecta a Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: desde n/a hasta 8.4.1."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pencidesign:soledad:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "8.4.2",
+ "matchCriteriaId": "B180026A-9BBA-413D-943C-C3F5F932299A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50104.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50104.json
index 845127c76f5..1de94a8f283 100644
--- a/CVE-2023/CVE-2023-501xx/CVE-2023-50104.json
+++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50104.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50104",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-29T00:15:50.233",
- "lastModified": "2023-12-29T00:15:50.233",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-29T03:13:44.413",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json
index aa305a4b1e8..01dd5cf7532 100644
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50269.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50269",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-14T18:15:45.070",
- "lastModified": "2023-12-27T19:02:49.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-29T03:15:11.727",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -172,6 +172,14 @@
 "tags": [
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50448.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50448.json
index 88dc7a02956..b97ab685d00 100644
--- a/CVE-2023/CVE-2023-504xx/CVE-2023-50448.json
+++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50448.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50448",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-28T23:15:43.500",
- "lastModified": "2023-12-28T23:15:43.500",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-29T03:13:50.730",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50473.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50473.json
index 0f52deda7c6..b0da6fa0136 100644
--- a/CVE-2023/CVE-2023-504xx/CVE-2023-50473.json
+++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50473.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50473",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-21T11:15:08.300",
- "lastModified": "2023-12-21T13:22:15.910",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-12-29T03:13:42.390",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,18 +11,76 @@ }, { "lang": "es", - "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en bill-ahmed qbit-matUI versi\u00f3n 1.16.4, permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de identificadores de sesi\u00f3n fijos (SID) en el archivo index.js." + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en bill-ahmed qbit-matUI versi\u00f3n 1.16.4 permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de identificadores de sesi\u00f3n fijos (SID) en el archivo index.js." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:billahmed:qbit_matui:1.16.4:*:*:*:*:*:*:*", + "matchCriteriaId": "5C49AEFE-02A9-43F6-8D34-A7A6A974223A" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/bill-ahmed/qbit-matUI/issues/207", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50473.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
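Review bot: The new NVD `weaknesses` entry classifies this record as `CWE-79` only, while the description next to it attributes the information disclosure to fixed session identifiers (SID) in index.js, which is not an output-encoding flaw. Anyone filtering or routing by CWE will file this under XSS and may miss the session-handling aspect. The second reference (a `Cryptographic-Misuses` write-up) suggests, though the record does not confirm it, that the root cause is a constant secret rather than script injection. Because this file mirrors upstream data, I would not edit the value here but report the mismatch to NVD and treat the CWE as provisional in triage.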
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json index 971b0b269d5..3b20f121c43 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50823.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50823", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T15:15:11.187", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T04:10:31.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Wipeout Media CSS & JavaScript Toolbox permite XSS almacenado. Este problema afecta a CSS & JavaScript Toolbox: desde n/a hasta 11.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wipeoutmedia:css_\\&_javascript_toolbox:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "11.7", + "matchCriteriaId": "84C49F17-FD4D-4AB2-B119-8BCB63A2BBFE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json index 2d2d0ac6e68..608a41d9a16 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50824.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50824", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T15:15:11.487", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T04:10:48.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Brian Batt Insert or Embed Articulate Content into WordPress permite XSS almacenado. Este problema afecta a Insert or Embed Articulate Content into WordPress: desde n/a hasta 4.3000000021." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.3000000021", + "matchCriteriaId": "EF54E362-ABB8-4B55-BD88-E59D1EAC2F4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/insert-or-embed-articulate-content-into-wordpress/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json index efc3a096586..6b4abcb0ad9 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50828.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50828", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T15:15:12.990", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T04:26:35.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard \u2013 Custom WordPress Dashboard: from n/a through 3.7.11.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard permite XSS almacenado. Este problema afecta a Ultimate Dashboard \u2013 Custom WordPress Dashboard: desde n/a hasta 3.7.11." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:davidvongries:ultimate_dashboard:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7.11", + "matchCriteriaId": "7B117D0B-236C-4B5D-A2CD-E0C73A79E239" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ultimate-dashboard/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50829.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50829.json index 308b4b31b18..d1a1fedc51f 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50829.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50829.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50829", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T18:15:07.477", - "lastModified": "2023-12-21T18:15:28.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:25:31.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aerin Loan Repayment Calculator and Application Form permite XSS almacenado. Este problema afecta a Loan Repayment Calculator and Application Form: desde n/a hasta 2.9.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quick-plugins:loan_repayment_calculator_and_application_form:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.9.3", + "matchCriteriaId": "95C9777F-68AF-474E-809D-6C1400791B14" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/quick-interest-slider/wordpress-loan-repayment-calculator-and-application-form-plugin-2-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50830.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50830.json index dd3c5d85159..f67b025868a 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50830.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50830.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50830", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T18:15:07.797", - "lastModified": "2023-12-21T18:15:28.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:26:55.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS.This issue affects Seos Contact Form: from n/a through 1.8.0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Seosbg Seos Contact Form permite XSS almacenado. Este problema afecta a Seos Contact Form: desde n/a hasta 1.8.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seosthemes:seos_contact_form:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8.0", + "matchCriteriaId": "9831CB94-C398-4557-8912-14C0EC0FDE1D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/seos-contact-form/wordpress-seos-contact-form-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50831.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50831.json index 50be2a1d4ea..8070ef21d02 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50831.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50831.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50831", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T18:15:08.050", - "lastModified": "2023-12-21T18:15:28.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:48:39.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY \u2013 Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY \u2013 Multi Currency for WooCommerce: from n/a through 2.2.0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en VillaTheme CURCY \u2013 Multi Currency for WooCommerce permite XSS almacenado. Este problema afecta a CURCY \u2013 Multi Currency for WooCommerce: desde n/a hasta 2.2.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:villatheme:curcy:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.0", + "matchCriteriaId": "B7F9722A-1506-41CC-AC9D-91D70D530BF8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-multi-currency/wordpress-curcy-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json index 68bc7d13185..cf8fc50cd5f 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51051.json 
@@ -2,19 +2,78 @@ "id": "CVE-2023-51051", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T16:15:11.110", - "lastModified": "2023-12-21T18:15:28.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:47:42.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_textauth en /admin/ajax.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json index aea4fb80f7e..4fec2795c55 100644 
--- a/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51052.json @@ -2,19 +2,78 @@ "id": "CVE-2023-51052", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T16:15:11.220", - "lastModified": "2023-12-21T18:15:28.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T03:47:49.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que S-CMS v5.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro A_formauth en /admin/ajax.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3797FECE-5F4C-4A17-B21E-15BE49A20B41" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51426.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51426.json new file mode 100644 index 00000000000..a94d3fce16d --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51426.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51426", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:09.100", + "lastModified": "2023-12-29T04:15:09.100", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51426/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51427.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51427.json new file mode 100644 index 00000000000..44fa0d764e5 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51427.json 
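Review bot: In CVE-2023-51426 the description says successful exploitation "could cause information leak", but the CNA vector added here is `C:N/I:L/A:L` with `"confidentialityImpact": "NONE"`. CVE-2023-51427 and CVE-2023-51428 in the following hunks repeat the same text and the same vector. CVE-2023-51431 disagrees in the other direction: its text mentions only "device service exceptions" while its vector rates `C:H/I:H/A:H`. Nothing in the records shows which side is wrong, and with `vulnStatus` still `Received` there is only the CNA's `Secondary` score, so consumers that prioritise on the CVSS impact metrics should not rely on them alone for these entries. The correction belongs with the CNA (source `3836d913-7555-4dd0-a509-f5667fdf5fe4`) rather than in this mirror.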
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51427", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:09.300", + "lastModified": "2023-12-29T04:15:09.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51427/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51428.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51428.json new file mode 100644 index 00000000000..1cea408d9a6 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51428.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51428", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:09.503", + "lastModified": "2023-12-29T04:15:09.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51428/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51429.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51429.json new file mode 100644 index 00000000000..1ed9e25dcfd --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51429.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51429", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:09.690", + "lastModified": "2023-12-29T04:15:09.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51429/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json new file mode 100644 index 00000000000..8f42920f70c --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51430.json 
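Review bot: CVE-2023-51429 is added without a `weaknesses` array even though its description names the class (incorrect privilege assignment). The same gap appears in CVE-2023-51430 through CVE-2023-51435 in the hunks that follow, whereas the sibling records CVE-2023-51426 to CVE-2023-51428 from the same source carry `CWE-843`. Tooling that groups or filters by CWE will silently skip these seven entries until NVD analysis adds a primary weakness. A pipeline consuming this feed should treat a missing `weaknesses` key as "unclassified" rather than as a parse error or as "no weakness".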
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51430", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:09.847", + "lastModified": "2023-12-29T04:15:09.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51430/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json new file mode 100644 index 00000000000..4b12f4be470 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51431.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51431", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:10.010", + "lastModified": "2023-12-29T04:15:10.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51431/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json new file mode 100644 index 00000000000..baca8236035 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51432.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51432", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:10.177", + "lastModified": "2023-12-29T04:15:10.177", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.2, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51432/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json new file mode 100644 index 00000000000..a3fba87b680 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51433.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51433", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:10.343", + "lastModified": "2023-12-29T04:15:10.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.9, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.4, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51433/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json new file mode 100644 index 00000000000..a1f384054f6 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51434.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51434", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:10.513", + "lastModified": "2023-12-29T04:15:10.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.5, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51434/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json new file mode 100644 index 00000000000..40e42664834 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51435.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-51435", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:10.677", + "lastModified": "2023-12-29T04:15:10.677", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-51435/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52083.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52083.json index 6b838a48bfd..65af83f5043 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52083.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52083.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52083", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-28T23:15:43.557", - "lastModified": "2023-12-28T23:15:43.557", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52084.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52084.json index b039a7b8cc9..a0f11477532 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52084.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52084.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52084", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-28T23:15:43.777", - "lastModified": "2023-12-28T23:15:43.777", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52085.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52085.json index 1f16a082446..42f9c2fccf7 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52085.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52085.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52085", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-29T00:15:50.300", - "lastModified": "2023-12-29T00:15:50.300", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json index 8f5f50c6991..84d21957efc 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52152.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52152", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T23:15:44.197", - "lastModified": "2023-12-28T23:15:44.197", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52173.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52173.json new file mode 100644 index 00000000000..5d22c8fb29e --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52173.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52173", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T04:15:10.847", + "lastModified": "2023-12-29T04:15:10.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x54D%5D%2B3%7B%2B0~3%23460c%7D%20469.15d%20%40%20xnview.exe%2B0x3ADBD0.html", + "source": "cve@mitre.org" + }, + { + "url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52174.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52174.json new file mode 100644 index 00000000000..5ac1a9f0912 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52174.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52174", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T04:15:10.893", + "lastModified": "2023-12-29T04:15:10.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html", + "source": "cve@mitre.org" + }, + { + "url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json new file mode 100644 index 00000000000..a57a3d9ed85 --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6939.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-6939", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T04:15:10.937", + "lastModified": "2023-12-29T04:15:10.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-6939/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json index 6036a394ef7..a83d31a4406 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7135.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7135", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T21:15:07.897", - "lastModified": "2023-12-28T21:15:07.897", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json index 51f763db72d..8dcba3a5b25 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7136.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-7136", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T21:15:08.130", - "lastModified": "2023-12-28T21:15:08.130", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json index d9c07f7c30f..8447d5eb1cc 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7137.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7137", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T22:15:45.373", - "lastModified": "2023-12-28T22:15:45.373", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json index fcf5b537377..499a99f103e 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7138.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7138", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T22:15:45.603", - "lastModified": "2023-12-28T22:15:45.603", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:50.730", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json index 072e8f30859..68086b2b49e 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7139.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7139", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T23:15:44.263", - "lastModified": "2023-12-28T23:15:44.263", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json index 23ff05a6e01..600ffe93730 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7140.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7140", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T23:15:44.623", - "lastModified": "2023-12-28T23:15:44.623", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json index 83e882d2607..7d22aac740b 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7141.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7141", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T00:15:50.517", - "lastModified": "2023-12-29T00:15:50.517", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json index 469b5e48fc5..627ea5922f7 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7142.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7142", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T00:15:50.740", - "lastModified": "2023-12-29T00:15:50.740", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json index 952a205a69b..9896516a20d 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-7143", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T01:15:43.917", - "lastModified": "2023-12-29T01:15:43.917", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json index e0ce38cfd96..61b2ab3371f 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7144", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T01:15:44.137", - "lastModified": "2023-12-29T01:15:44.137", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json index 43ed4bd4ba7..b8d85964ecf 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7145", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T02:15:45.180", - "lastModified": "2023-12-29T02:15:45.180", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json index 9f96d290674..92ee41fdf9a 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7146", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-29T02:15:45.387", - "lastModified": "2023-12-29T02:15:45.387", - "vulnStatus": "Received", + "lastModified": "2023-12-29T03:13:44.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7147.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7147.json new file mode 100644 index 00000000000..1be82545c0a --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7147.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7147", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T03:15:11.847", + "lastModified": "2023-12-29T03:15:11.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/affd8cjn50HC", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249150", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249150", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7148.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7148.json new file mode 100644 index 00000000000..78fa8ac8130 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7148.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7148", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T03:15:12.110", + "lastModified": "2023-12-29T03:15:12.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.1 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 4.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false 
+ } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1ST3dD-iwUBgBNZ8tGaBbqVi1zRh5rLND/view", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249151", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249151", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json new file mode 100644 index 00000000000..7cecb08efc2 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7149.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7149", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T04:15:11.103", + "lastModified": "2023-12-29T04:15:11.103", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input \"> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] 
+ } + ], + "references": [ + { + "url": "https://github.com/h4md153v63n/CVEs/blob/main/QR_Code_Generator/QR_Code_Generator-Reflected_Cross_Site_Scripting.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249153", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249153", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json new file mode 100644 index 00000000000..2bf6786bca1 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7150.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7150", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T04:15:11.333", + "lastModified": "2023-12-29T04:15:11.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + 
"references": [ + { + "url": "https://github.com/laoquanshi/-Arbitrary-file-upload-vulnerability-", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249157", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249157", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b8b3a51a56b..89d3ae1c99f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-29T03:00:24.898739+00:00 +2023-12-29T05:00:25.688072+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-29T02:56:36.643000+00:00 +2023-12-29T04:26:35.477000+00:00 ``` ### Last Data Feed Release 
@@ -29,57 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234393 +234426 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `33` -* [CVE-2023-7143](CVE-2023/CVE-2023-71xx/CVE-2023-7143.json) (`2023-12-29T01:15:43.917`) -* [CVE-2023-7144](CVE-2023/CVE-2023-71xx/CVE-2023-7144.json) (`2023-12-29T01:15:44.137`) -* [CVE-2023-23431](CVE-2023/CVE-2023-234xx/CVE-2023-23431.json) (`2023-12-29T02:15:43.803`) -* [CVE-2023-23432](CVE-2023/CVE-2023-234xx/CVE-2023-23432.json) (`2023-12-29T02:15:44.063`) -* [CVE-2023-23433](CVE-2023/CVE-2023-234xx/CVE-2023-23433.json) (`2023-12-29T02:15:44.253`) -* [CVE-2023-23434](CVE-2023/CVE-2023-234xx/CVE-2023-23434.json) (`2023-12-29T02:15:44.437`) -* [CVE-2023-23435](CVE-2023/CVE-2023-234xx/CVE-2023-23435.json) (`2023-12-29T02:15:44.597`) -* [CVE-2023-23436](CVE-2023/CVE-2023-234xx/CVE-2023-23436.json) (`2023-12-29T02:15:44.783`) -* [CVE-2023-31292](CVE-2023/CVE-2023-312xx/CVE-2023-31292.json) (`2023-12-29T02:15:44.983`) -* [CVE-2023-31298](CVE-2023/CVE-2023-312xx/CVE-2023-31298.json) (`2023-12-29T02:15:45.037`) -* [CVE-2023-31301](CVE-2023/CVE-2023-313xx/CVE-2023-31301.json) (`2023-12-29T02:15:45.080`) -* [CVE-2023-7145](CVE-2023/CVE-2023-71xx/CVE-2023-7145.json) (`2023-12-29T02:15:45.180`) -* [CVE-2023-7146](CVE-2023/CVE-2023-71xx/CVE-2023-7146.json) (`2023-12-29T02:15:45.387`) +* [CVE-2023-23439](CVE-2023/CVE-2023-234xx/CVE-2023-23439.json) (`2023-12-29T03:15:10.353`) +* [CVE-2023-23440](CVE-2023/CVE-2023-234xx/CVE-2023-23440.json) (`2023-12-29T03:15:10.520`) +* [CVE-2023-31293](CVE-2023/CVE-2023-312xx/CVE-2023-31293.json) (`2023-12-29T03:15:10.690`) +* [CVE-2023-31294](CVE-2023/CVE-2023-312xx/CVE-2023-31294.json) (`2023-12-29T03:15:10.740`) +* [CVE-2023-7147](CVE-2023/CVE-2023-71xx/CVE-2023-7147.json) (`2023-12-29T03:15:11.847`) +* [CVE-2023-7148](CVE-2023/CVE-2023-71xx/CVE-2023-7148.json) 
(`2023-12-29T03:15:12.110`) +* [CVE-2023-23441](CVE-2023/CVE-2023-234xx/CVE-2023-23441.json) (`2023-12-29T04:15:08.547`) +* [CVE-2023-23442](CVE-2023/CVE-2023-234xx/CVE-2023-23442.json) (`2023-12-29T04:15:08.717`) +* [CVE-2023-23443](CVE-2023/CVE-2023-234xx/CVE-2023-23443.json) (`2023-12-29T04:15:08.883`) +* [CVE-2023-31296](CVE-2023/CVE-2023-312xx/CVE-2023-31296.json) (`2023-12-29T04:15:09.053`) +* [CVE-2023-51426](CVE-2023/CVE-2023-514xx/CVE-2023-51426.json) (`2023-12-29T04:15:09.100`) +* [CVE-2023-51427](CVE-2023/CVE-2023-514xx/CVE-2023-51427.json) (`2023-12-29T04:15:09.300`) +* [CVE-2023-51428](CVE-2023/CVE-2023-514xx/CVE-2023-51428.json) (`2023-12-29T04:15:09.503`) +* [CVE-2023-51429](CVE-2023/CVE-2023-514xx/CVE-2023-51429.json) (`2023-12-29T04:15:09.690`) +* [CVE-2023-51430](CVE-2023/CVE-2023-514xx/CVE-2023-51430.json) (`2023-12-29T04:15:09.847`) +* [CVE-2023-51431](CVE-2023/CVE-2023-514xx/CVE-2023-51431.json) (`2023-12-29T04:15:10.010`) +* [CVE-2023-51432](CVE-2023/CVE-2023-514xx/CVE-2023-51432.json) (`2023-12-29T04:15:10.177`) +* [CVE-2023-51433](CVE-2023/CVE-2023-514xx/CVE-2023-51433.json) (`2023-12-29T04:15:10.343`) +* [CVE-2023-51434](CVE-2023/CVE-2023-514xx/CVE-2023-51434.json) (`2023-12-29T04:15:10.513`) +* [CVE-2023-51435](CVE-2023/CVE-2023-514xx/CVE-2023-51435.json) (`2023-12-29T04:15:10.677`) +* [CVE-2023-52173](CVE-2023/CVE-2023-521xx/CVE-2023-52173.json) (`2023-12-29T04:15:10.847`) +* [CVE-2023-52174](CVE-2023/CVE-2023-521xx/CVE-2023-52174.json) (`2023-12-29T04:15:10.893`) +* [CVE-2023-6939](CVE-2023/CVE-2023-69xx/CVE-2023-6939.json) (`2023-12-29T04:15:10.937`) +* [CVE-2023-7149](CVE-2023/CVE-2023-71xx/CVE-2023-7149.json) (`2023-12-29T04:15:11.103`) +* [CVE-2023-7150](CVE-2023/CVE-2023-71xx/CVE-2023-7150.json) (`2023-12-29T04:15:11.333`) ### CVEs modified in the last Commit -Recently modified CVEs: `33` +Recently modified CVEs: `56` -* [CVE-2021-28454](CVE-2021/CVE-2021-284xx/CVE-2021-28454.json) (`2023-12-29T01:15:39.943`) -* 
[CVE-2021-28456](CVE-2021/CVE-2021-284xx/CVE-2021-28456.json) (`2023-12-29T01:15:40.137`) -* [CVE-2021-28457](CVE-2021/CVE-2021-284xx/CVE-2021-28457.json) (`2023-12-29T01:15:40.310`) -* [CVE-2021-28458](CVE-2021/CVE-2021-284xx/CVE-2021-28458.json) (`2023-12-29T01:15:40.487`) -* [CVE-2021-28459](CVE-2021/CVE-2021-284xx/CVE-2021-28459.json) (`2023-12-29T01:15:40.660`) -* [CVE-2021-28460](CVE-2021/CVE-2021-284xx/CVE-2021-28460.json) (`2023-12-29T01:15:40.890`) -* [CVE-2021-28464](CVE-2021/CVE-2021-284xx/CVE-2021-28464.json) (`2023-12-29T01:15:41.093`) -* [CVE-2021-28466](CVE-2021/CVE-2021-284xx/CVE-2021-28466.json) (`2023-12-29T01:15:41.263`) -* [CVE-2021-28468](CVE-2021/CVE-2021-284xx/CVE-2021-28468.json) (`2023-12-29T01:15:41.433`) -* [CVE-2021-28469](CVE-2021/CVE-2021-284xx/CVE-2021-28469.json) (`2023-12-29T01:15:41.620`) -* [CVE-2021-28470](CVE-2021/CVE-2021-284xx/CVE-2021-28470.json) (`2023-12-29T01:15:41.797`) -* [CVE-2021-28471](CVE-2021/CVE-2021-284xx/CVE-2021-28471.json) (`2023-12-29T01:15:42.010`) -* [CVE-2021-28472](CVE-2021/CVE-2021-284xx/CVE-2021-28472.json) (`2023-12-29T01:15:42.177`) -* [CVE-2021-28473](CVE-2021/CVE-2021-284xx/CVE-2021-28473.json) (`2023-12-29T01:15:42.373`) -* [CVE-2021-28475](CVE-2021/CVE-2021-284xx/CVE-2021-28475.json) (`2023-12-29T01:15:42.540`) -* [CVE-2021-28477](CVE-2021/CVE-2021-284xx/CVE-2021-28477.json) (`2023-12-29T01:15:42.733`) -* [CVE-2021-28480](CVE-2021/CVE-2021-284xx/CVE-2021-28480.json) (`2023-12-29T01:15:42.943`) -* [CVE-2021-28481](CVE-2021/CVE-2021-284xx/CVE-2021-28481.json) (`2023-12-29T01:15:43.157`) -* [CVE-2021-28482](CVE-2021/CVE-2021-284xx/CVE-2021-28482.json) (`2023-12-29T01:15:43.337`) -* [CVE-2021-28483](CVE-2021/CVE-2021-284xx/CVE-2021-28483.json) (`2023-12-29T01:15:43.510`) -* [CVE-2023-43314](CVE-2023/CVE-2023-433xx/CVE-2023-43314.json) (`2023-12-29T01:15:43.687`) -* [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2023-12-29T02:15:45.130`) -* 
[CVE-2023-29486](CVE-2023/CVE-2023-294xx/CVE-2023-29486.json) (`2023-12-29T02:20:40.423`) -* [CVE-2023-29485](CVE-2023/CVE-2023-294xx/CVE-2023-29485.json) (`2023-12-29T02:21:17.843`) -* [CVE-2023-46624](CVE-2023/CVE-2023-466xx/CVE-2023-46624.json) (`2023-12-29T02:56:36.643`) +* [CVE-2023-46724](CVE-2023/CVE-2023-467xx/CVE-2023-46724.json) (`2023-12-29T03:15:10.793`) +* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-12-29T03:15:10.917`) +* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-29T03:15:11.033`) +* [CVE-2023-49285](CVE-2023/CVE-2023-492xx/CVE-2023-49285.json) (`2023-12-29T03:15:11.340`) +* [CVE-2023-49286](CVE-2023/CVE-2023-492xx/CVE-2023-49286.json) (`2023-12-29T03:15:11.453`) +* [CVE-2023-49288](CVE-2023/CVE-2023-492xx/CVE-2023-49288.json) (`2023-12-29T03:15:11.580`) +* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2023-12-29T03:15:11.727`) +* [CVE-2023-45121](CVE-2023/CVE-2023-451xx/CVE-2023-45121.json) (`2023-12-29T03:18:17.760`) +* [CVE-2023-45120](CVE-2023/CVE-2023-451xx/CVE-2023-45120.json) (`2023-12-29T03:18:26.660`) +* [CVE-2023-50829](CVE-2023/CVE-2023-508xx/CVE-2023-50829.json) (`2023-12-29T03:25:31.847`) +* [CVE-2023-50830](CVE-2023/CVE-2023-508xx/CVE-2023-50830.json) (`2023-12-29T03:26:55.917`) +* [CVE-2023-49826](CVE-2023/CVE-2023-498xx/CVE-2023-49826.json) (`2023-12-29T03:27:14.887`) +* [CVE-2023-49162](CVE-2023/CVE-2023-491xx/CVE-2023-49162.json) (`2023-12-29T03:27:45.697`) +* [CVE-2023-48288](CVE-2023/CVE-2023-482xx/CVE-2023-48288.json) (`2023-12-29T03:27:57.107`) +* [CVE-2023-2487](CVE-2023/CVE-2023-24xx/CVE-2023-2487.json) (`2023-12-29T03:33:34.067`) +* [CVE-2023-28421](CVE-2023/CVE-2023-284xx/CVE-2023-28421.json) (`2023-12-29T03:33:41.567`) +* [CVE-2023-49778](CVE-2023/CVE-2023-497xx/CVE-2023-49778.json) (`2023-12-29T03:34:00.247`) +* [CVE-2023-32242](CVE-2023/CVE-2023-322xx/CVE-2023-32242.json) (`2023-12-29T03:34:38.427`) +* 
[CVE-2023-49762](CVE-2023/CVE-2023-497xx/CVE-2023-49762.json) (`2023-12-29T03:47:20.780`) +* [CVE-2023-51051](CVE-2023/CVE-2023-510xx/CVE-2023-51051.json) (`2023-12-29T03:47:42.610`) +* [CVE-2023-51052](CVE-2023/CVE-2023-510xx/CVE-2023-51052.json) (`2023-12-29T03:47:49.743`) +* [CVE-2023-50831](CVE-2023/CVE-2023-508xx/CVE-2023-50831.json) (`2023-12-29T03:48:39.267`) +* [CVE-2023-50823](CVE-2023/CVE-2023-508xx/CVE-2023-50823.json) (`2023-12-29T04:10:31.830`) +* [CVE-2023-50824](CVE-2023/CVE-2023-508xx/CVE-2023-50824.json) (`2023-12-29T04:10:48.907`) +* [CVE-2023-50828](CVE-2023/CVE-2023-508xx/CVE-2023-50828.json) (`2023-12-29T04:26:35.477`) ## Download and Usage