admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-12T18:00:24.510144+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-12 18:00:28 +00:00
parent 49c37d3d38
commit f0405b987e
69 changed files with 3683 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2015/CVE-2015-101xx/CVE-2015-10126.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2015-10126",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-06T08:15:43.293",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:19:46.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Easy2Map Photos Plugin 1.0.1 en WordPress y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.1.0 puede solucionar este problema. El parche se identifica como 503d9ee2482d27c065f78d9546f076a406189908. Se recomienda actualizar el componente afectado. VDB-241318 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:steven_ellis:easy2map_photos:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.0",
"matchCriteriaId": "6545C3E9-2904-4E6A-90A3-340C4A72DDA6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/easy2map-photos/commit/503d9ee2482d27c065f78d9546f076a406189908",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.241318",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.241318",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-212xx/CVE-2023-21244.json
View File

@ -2,31 +2,118 @@
"id": "CVE-2023-21244",
"sourceIdentifier": "security@android.com",
"published": "2023-10-06T19:15:12.667",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T16:46:48.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En visitUris de Notification.java, existe una posible omisi\u00f3n de los l\u00edmites del perfil de usuario debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda llevar a una escalada local de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-10-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-223xx/CVE-2023-22308.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22308",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:09.967",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737",
"source": "talos-cna@cisco.com"
}
]
}

59
CVE-2023/CVE-2023-223xx/CVE-2023-22325.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-22325",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:10.283",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23581.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23581",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:10.937",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-257xx/CVE-2023-25774.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25774",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.297",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743",
"source": "talos-cna@cisco.com"
}
]
}

4
CVE-2023/CVE-2023-273xx/CVE-2023-27315.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27315",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T14:15:10.170",
"lastModified": "2023-10-12T14:15:10.170",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-273xx/CVE-2023-27395.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-27395",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.583",
"lastModified": "2023-10-12T17:15:09.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1735",
"source": "talos-cna@cisco.com"
}
]
}

59
CVE-2023/CVE-2023-275xx/CVE-2023-27516.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-27516",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.670",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-453"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31192.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31192",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.760",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-457"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
}
]
}

4
CVE-2023/CVE-2023-321xx/CVE-2023-32124.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32124",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:46.867",
"lastModified": "2023-10-12T15:15:46.867",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-322xx/CVE-2023-32275.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32275",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.840",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
}
]
}

59
CVE-2023/CVE-2023-326xx/CVE-2023-32634.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32634",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.920",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-300"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
}
]
}

16
CVE-2023/CVE-2023-332xx/CVE-2023-33297.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-33297",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T05:15:09.460",
"lastModified": "2023-06-01T06:15:13.677",
"lastModified": "2023-10-12T16:15:12.003",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023."
"value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023."
}
],
"metrics": {
@ -101,6 +101,14 @@
"Patch"
]
},
{
"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/visualbasic6/drain",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/",
"source": "cve@mitre.org"
@ -108,6 +116,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/",
"source": "cve@mitre.org"
},
{
"url": "https://x.com/123456/status/1711601593399828530",
"source": "cve@mitre.org"
}
]
}

115
CVE-2023/CVE-2023-353xx/CVE-2023-35349.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-35349",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:11.923",
"lastModified": "2023-10-10T18:21:21.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:14:18.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queue "
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-361xx/CVE-2023-36126.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-36126",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T22:15:11.370",
"lastModified": "2023-10-10T23:25:33.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:51:05.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross Site Scripting (XSS) vulnerability in the \"theme\" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0"
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de Cross Site Scripting (XSS) en el par\u00e1metro \"theme\" de preview.php en PHPJabbers Appointment Scheduler v3.0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74A1B-C08B-4249-A66D-B7246A9DF3B4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-364xx/CVE-2023-36431.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36431",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:12.497",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:14:47.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-364xx/CVE-2023-36433.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36433",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:12.557",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:15:55.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Microsoft Dynamics 365 (local)"
}
],
"metrics": {
@ -34,10 +38,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionStartIncluding": "9.0",
"versionEndExcluding": "9.0.49.04",
"matchCriteriaId": "D82EE042-2FBD-4B57-B159-053DC80E726C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionStartIncluding": "9.1",
"versionEndExcluding": "9.1.21.05",
"matchCriteriaId": "69ACF461-9B62-46A5-AFEC-FFF2F87CF716"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

127
CVE-2023/CVE-2023-364xx/CVE-2023-36434.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36434",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:12.617",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:26:25.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows IIS Server Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows IIS Server"
}
],
"metrics": {
@ -34,10 +38,127 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:x64:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "D3135CC9-21FF-410F-8F6A-2F80BB37E834"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:x86:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "D8200459-FD6F-40D2-A6CF-2BC0AD89A165"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "15F303BE-3B6E-4B91-99A8-3D0135040C0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "C38DBDD3-BC41-4791-9754-2826E3F0698D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-364xx/CVE-2023-36435.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36435",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:12.680",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:50:44.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft QUIC Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft QUIC"
}
],
"metrics": {
@ -34,10 +38,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.12",
"matchCriteriaId": "E55B75C8-9143-4AE2-BC23-6B8F1E88AC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36570.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36570",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.450",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:51:16.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queue "
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36571.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36571",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.510",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T16:44:47.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-402xx/CVE-2023-40299.json
View File

@ -2,31 +2,112 @@
"id": "CVE-2023-40299",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T22:15:09.830",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:32:03.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable."
},
{
"lang": "es",
"value": "Kong Insomnia 2023.4.0 en macOS permite a los atacantes ejecutar c\u00f3digo y acceder a archivos restringidos, o realizar solicitudes de permisos TCC, utilizando la variable de entorno DYLD_INSERT_LIBRARIES."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:konghq:insomnia:2023.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFE836E-D4A8-41DA-915D-757726E8D788"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kong/insomnia/pull/6217/commits",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Kong/insomnia/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://insomnia.rest/changelog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.angelystor.com/posts/cve-2023-40299/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-405xx/CVE-2023-40556.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40556",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T06:15:11.157",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:08:39.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:toolstack:schedule_posts_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.2",
"matchCriteriaId": "D81E8F17-10B2-4BA3-9741-15FD00E4EA5E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/schedule-posts-calendar/wordpress-schedule-posts-calendar-plugin-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-411xx/CVE-2023-41131.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41131",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:46.980",
"lastModified": "2023-10-12T15:15:46.980",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

47
CVE-2023/CVE-2023-418xx/CVE-2023-41854.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41854",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T09:15:10.080",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:07:32.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpcentral:wpcentral:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.7",
"matchCriteriaId": "5021426F-124B-4378-B48D-385B0402D645"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-central/wordpress-wpcentral-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-431xx/CVE-2023-43147.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T16:15:12.100",
"lastModified": "2023-10-12T16:52:07.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43148",
"source": "cve@mitre.org"
}
]
}

16
CVE-2023/CVE-2023-436xx/CVE-2023-43654.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43654",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-28T23:15:09.627",
"lastModified": "2023-10-02T20:04:38.423",
"lastModified": "2023-10-12T16:19:14.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",

47
CVE-2023/CVE-2023-442xx/CVE-2023-44238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44238",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T10:15:22.987",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:18:06.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joakimling:remove_slug_from_custom_post_type:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "5C92FD4C-3102-4022-8BE1-C704B71C09E0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/remove-slug-from-custom-post-type/wordpress-remove-slug-from-custom-post-type-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44240",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T11:15:10.723",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:53:06.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:peterbutler:timthumb_vulnerability_scanner:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.54",
"matchCriteriaId": "4878FDE4-E05C-402E-BA15-D3B78056A3F9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/timthumb-vulnerability-scanner/wordpress-timthumb-vulnerability-scanner-plugin-1-54-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44246.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44246",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T10:15:23.067",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:52:33.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matiass:shockingly_simple_favicon:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.2",
"matchCriteriaId": "5A29AA8A-174F-42EE-AF10-6336142A69D3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shockingly-simple-favicon/wordpress-shockingly-simple-favicon-plugin-1-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-444xx/CVE-2023-44473.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44473",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T11:15:10.813",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:53:16.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dublue:table_of_contents_plus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2302",
"matchCriteriaId": "96551BDE-319E-4A16-B0D9-F71CA252CD99"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/table-of-contents-plus/wordpress-table-of-contents-plus-plugin-2302-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-449xx/CVE-2023-44993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44993",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T11:15:10.900",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:53:25.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.7.8",
"matchCriteriaId": "C187FF04-03F7-4F1E-BA12-5C53C9A7A6AD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-4-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-449xx/CVE-2023-44998.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44998",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.163",
"lastModified": "2023-10-12T13:15:10.163",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45011",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.353",
"lastModified": "2023-10-12T13:15:10.353",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45048",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.440",
"lastModified": "2023-10-12T13:15:10.440",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45052.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45052",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.543",
"lastModified": "2023-10-12T13:15:10.543",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45058.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45058",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.713",
"lastModified": "2023-10-12T13:15:10.713",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45060",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.800",
"lastModified": "2023-10-12T13:15:10.800",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45063.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45063",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.897",
"lastModified": "2023-10-12T13:15:10.897",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-450xx/CVE-2023-45068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45068",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:11.063",
"lastModified": "2023-10-12T13:15:11.063",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45102",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:47.070",
"lastModified": "2023-10-12T15:15:47.070",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45103",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:47.160",
"lastModified": "2023-10-12T15:15:47.160",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45106",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:47.253",
"lastModified": "2023-10-12T15:15:47.253",
"vulnStatus": "Received",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

71
CVE-2023/CVE-2023-451xx/CVE-2023-45133.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-45133",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.797",
"lastModified": "2023-10-12T17:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-184"
}
]
}
],
"references": [
{
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/babel/babel/pull/16033",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/babel/babel/releases/tag/v7.23.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-451xx/CVE-2023-45138.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-45138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.900",
"lastModified": "2023-10-12T17:15:09.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It's possible to workaround the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki-contrib/application-changerequest/commit/7565e720117f73102f5a276239eabfe85e15cff4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-f776-w9v2-7vfj",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/CRAPP-298",
"source": "security-advisories@github.com"
}
]
}

83
CVE-2023/CVE-2023-451xx/CVE-2023-45142.json Normal file
View File

@ -0,0 +1,83 @@
{
"id": "CVE-2023-45142",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.990",
"lastModified": "2023-10-12T17:15:09.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-451xx/CVE-2023-45143.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-45143",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:10.087",
"lastModified": "2023-10-12T17:15:10.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2166948",
"source": "security-advisories@github.com"
}
]
}

89
CVE-2023/CVE-2023-452xx/CVE-2023-45239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45239",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-10-06T18:15:12.337",
"lastModified": "2023-10-10T00:15:10.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:26:02.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Existe una falta de validaci\u00f3n de entrada en tac_plus antes del commit 4fdf178 que, cuando los comandos de autenticaci\u00f3n previa o posterior est\u00e1n habilitados, permite a un atacante que puede controlar el nombre de usuario, rem-addr o la direcci\u00f3n NAC enviada a tac_plus inyectar comandos de shell y obtener c\u00f3digo remoto ejecuci\u00f3n en el servidor tac_plus."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve-assign@fb.com",
"type": "Secondary",
@ -27,18 +60,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:tac_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-10-05",
"matchCriteriaId": "B455DB3F-3004-4005-A9EB-380A474BE78F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/facebook/tac_plus/pull/41",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Exploit",
"Patch"
]
},
{
"url": "https://github.com/facebook/tac_plus/security/advisories/GHSA-p334-5r3g-4vx3",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4J7ZYMFZB4G4OU5EDJPQLP6F6RKDGIH/",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-452xx/CVE-2023-45244.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-45244",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-06T10:15:18.047",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:23:47.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35895."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.07",
"matchCriteriaId": "F7DFE59C-A608-45AD-B1EC-AD2FFE5A3E2C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5907",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-452xx/CVE-2023-45282.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45282",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T19:15:12.950",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T16:15:12.167",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action."
},
{
"lang": "es",
"value": "En NASA Open MCT (tambi\u00e9n conocido como openmct) 2.2.5 anterior a 545a177, la contaminaci\u00f3n del prototipo puede ocurrir mediante una acci\u00f3n de importaci\u00f3n."
}
],
"metrics": {},
@ -19,6 +23,10 @@
{
"url": "https://nasa.github.io/openmct/",
"source": "cve@mitre.org"
},
{
"url": "https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282",
"source": "cve@mitre.org"
}
]
}

103
CVE-2023/CVE-2023-453xx/CVE-2023-45363.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T05:15:09.220",
"lastModified": "2023-10-11T02:15:09.583",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:00:30.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,108 @@
"value": "Se descubri\u00f3 un problema en ApiPageSet.php en MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Permite a los atacantes provocar una denegaci\u00f3n de servicio (bucle ilimitado y RequestTimeoutException) cuando consultan p\u00e1ginas redirigidas a otras variantes con redirecciones y converttitles configurados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://phabricator.wikimedia.org/T333050",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5520",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-453xx/CVE-2023-45364.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T05:15:09.300",
"lastModified": "2023-10-11T02:15:09.657",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:03:43.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,101 @@
"value": "Se descubri\u00f3 un problema en include/page/Article.php en MediaWiki 1.36.x hasta 1.39.x anteriores a 1.39.5 y 1.40.x anteriores a 1.40.1. La existencia de la revisi\u00f3n eliminada se filtra debido a que se verificaron permisos incorrectos. Esto revela que un ID de revisi\u00f3n determinado pertenec\u00eda al t\u00edtulo de la p\u00e1gina determinada y a su marca de tiempo, los cuales no se supone que sean informaci\u00f3n p\u00fablica."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://phabricator.wikimedia.org/T264765",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5520",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-453xx/CVE-2023-45367.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45367",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T05:15:09.357",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:04:00.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,81 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Un usuario puede usar una URL rest.php/checkuser/v0/useragent-clienthints/revision/ para almacenar un n\u00famero arbitrario de filas en cu_useragent_clienthints, lo que lleva a una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://phabricator.wikimedia.org/T344923",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45369",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T06:15:09.387",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:04:12.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n PageTriage para MediaWiki anterior a 1.35.12, 1.36.x a 1.39.x anterior a 1.39.5 y 1.40.x anterior a 1.40.1. Los nombres de usuario de usuarios ocultos est\u00e1n expuestos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T344359",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45370",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T06:15:10.470",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:05:00.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n SportsTeams para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. SportsTeams: Special:SportsManagerLogo y Special:SportsTeamsManagerLogo no verifican el derecho de usuario de sportsteamsmanager y, por lo tanto, un atacante puede afectar p\u00e1ginas relacionadas con equipos deportivos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T345680",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T06:15:10.537",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:04:48.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n de Wikibase para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. No hay l\u00edmite de tarifa para fusionar art\u00edculos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T345064",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45372",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T06:15:10.607",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:04:34.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n de Wikibase para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Durante la combinaci\u00f3n de elementos, ItemMergeInteractor no tiene ning\u00fan filtro de edici\u00f3n en ejecuci\u00f3n (por ejemplo, AbuseFilter)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T345064",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T06:15:10.667",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:05:49.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n ProofreadPage para MediaWiki anterior a 1.35.12, 1.36.x a 1.39.x anterior a 1.39.5 y 1.40.x anterior a 1.40.1. XSS puede ocurrir a trav\u00e9s de formatNumNoSeparators."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T345693",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T06:15:10.723",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T16:06:05.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n SportsTeams para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. No busca el token de edici\u00f3n anti-CSRF en Special:SportsTeamsManager y Special:UpdateFavoriteTeams."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.12",
"matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.39.5",
"matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T345040",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-456xx/CVE-2023-45612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45612",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-10-09T11:15:11.020",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:53:41.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,44 @@
"value": "CWE-611"
}
]
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.5",
"matchCriteriaId": "BA55E48A-58CF-476E-9377-3D215BCC5050"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-456xx/CVE-2023-45613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45613",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-10-09T11:15:11.110",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T17:54:21.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.5",
"matchCriteriaId": "BA55E48A-58CF-476E-9377-3D215BCC5050"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-50xx/CVE-2023-5072.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5072",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-12T17:15:10.187",
"lastModified": "2023-10-12T17:15:10.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in JSON-Java versions prior to 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/stleary/JSON-java/issues/758",
"source": "cve-coordination@google.com"
},
{
"url": "https://github.com/stleary/JSON-java/issues/771",
"source": "cve-coordination@google.com"
}
]
}

70
CVE-2023/CVE-2023-52xx/CVE-2023-5218.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-5218",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-10-11T23:15:10.443",
"lastModified": "2023-10-12T12:59:39.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:48:12.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118.0.5993.70",
"matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1487110",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}

132
CVE-2023/CVE-2023-53xx/CVE-2023-5366.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5366",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-06T18:15:12.520",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:40:07.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Open vSwitch que permite que los paquetes de anuncios de vecinos ICMPv6 entre m\u00e1quinas virtuales omitan las reglas de OpenFlow. Este problema puede permitir que un atacante local cree paquetes especialmente manipulados con un campo de direcci\u00f3n IP de destino modificado o falsificado que puede redirigir el tr\u00e1fico ICMPv6 a direcciones IP arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,114 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-02-28",
"matchCriteriaId": "29766552-B5EB-4F13-8317-92D8F385DF19"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5366",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-54xx/CVE-2023-5473.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-5473",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-10-11T23:15:10.503",
"lastModified": "2023-10-12T12:59:39.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:48:36.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118.0.5993.70",
"matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1484000",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}

70
CVE-2023/CVE-2023-54xx/CVE-2023-5474.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-5474",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-10-11T23:15:10.557",
"lastModified": "2023-10-12T12:59:39.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:48:55.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118.0.5993.70",
"matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1483194",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}

70
CVE-2023/CVE-2023-54xx/CVE-2023-5475.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-5475",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-10-11T23:15:10.603",
"lastModified": "2023-10-12T12:59:39.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T17:49:18.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118.0.5993.70",
"matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1476952",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}

75
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-12T16:00:24.623863+00:00
2023-10-12T18:00:24.510144+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-12T15:50:51.520000+00:00
2023-10-12T17:54:21.100000+00:00
```
### Last Data Feed Release
@ -29,44 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227665
227680
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `15`
* [CVE-2023-27315](CVE-2023/CVE-2023-273xx/CVE-2023-27315.json) (`2023-10-12T14:15:10.170`)
* [CVE-2023-32124](CVE-2023/CVE-2023-321xx/CVE-2023-32124.json) (`2023-10-12T15:15:46.867`)
* [CVE-2023-41131](CVE-2023/CVE-2023-411xx/CVE-2023-41131.json) (`2023-10-12T15:15:46.980`)
* [CVE-2023-45102](CVE-2023/CVE-2023-451xx/CVE-2023-45102.json) (`2023-10-12T15:15:47.070`)
* [CVE-2023-45103](CVE-2023/CVE-2023-451xx/CVE-2023-45103.json) (`2023-10-12T15:15:47.160`)
* [CVE-2023-45106](CVE-2023/CVE-2023-451xx/CVE-2023-45106.json) (`2023-10-12T15:15:47.253`)
* [CVE-2023-22308](CVE-2023/CVE-2023-223xx/CVE-2023-22308.json) (`2023-10-12T16:15:09.967`)
* [CVE-2023-22325](CVE-2023/CVE-2023-223xx/CVE-2023-22325.json) (`2023-10-12T16:15:10.283`)
* [CVE-2023-23581](CVE-2023/CVE-2023-235xx/CVE-2023-23581.json) (`2023-10-12T16:15:10.937`)
* [CVE-2023-25774](CVE-2023/CVE-2023-257xx/CVE-2023-25774.json) (`2023-10-12T16:15:11.297`)
* [CVE-2023-27516](CVE-2023/CVE-2023-275xx/CVE-2023-27516.json) (`2023-10-12T16:15:11.670`)
* [CVE-2023-31192](CVE-2023/CVE-2023-311xx/CVE-2023-31192.json) (`2023-10-12T16:15:11.760`)
* [CVE-2023-32275](CVE-2023/CVE-2023-322xx/CVE-2023-32275.json) (`2023-10-12T16:15:11.840`)
* [CVE-2023-32634](CVE-2023/CVE-2023-326xx/CVE-2023-32634.json) (`2023-10-12T16:15:11.920`)
* [CVE-2023-43147](CVE-2023/CVE-2023-431xx/CVE-2023-43147.json) (`2023-10-12T16:15:12.100`)
* [CVE-2023-27395](CVE-2023/CVE-2023-273xx/CVE-2023-27395.json) (`2023-10-12T16:15:11.583`)
* [CVE-2023-45133](CVE-2023/CVE-2023-451xx/CVE-2023-45133.json) (`2023-10-12T17:15:09.797`)
* [CVE-2023-45138](CVE-2023/CVE-2023-451xx/CVE-2023-45138.json) (`2023-10-12T17:15:09.900`)
* [CVE-2023-45142](CVE-2023/CVE-2023-451xx/CVE-2023-45142.json) (`2023-10-12T17:15:09.990`)
* [CVE-2023-45143](CVE-2023/CVE-2023-451xx/CVE-2023-45143.json) (`2023-10-12T17:15:10.087`)
* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-10-12T17:15:10.187`)
### CVEs modified in the last Commit
Recently modified CVEs: `19`
Recently modified CVEs: `53`
* [CVE-2011-4330](CVE-2011/CVE-2011-43xx/CVE-2011-4330.json) (`2023-10-12T14:13:03.737`)
* [CVE-2012-2136](CVE-2012/CVE-2012-21xx/CVE-2012-2136.json) (`2023-10-12T14:12:02.680`)
* [CVE-2012-2123](CVE-2012/CVE-2012-21xx/CVE-2012-2123.json) (`2023-10-12T14:12:18.073`)
* [CVE-2020-12464](CVE-2020/CVE-2020-124xx/CVE-2020-12464.json) (`2023-10-12T14:10:21.507`)
* [CVE-2022-3248](CVE-2022/CVE-2022-32xx/CVE-2022-3248.json) (`2023-10-12T14:08:01.847`)
* [CVE-2022-4479](CVE-2022/CVE-2022-44xx/CVE-2022-4479.json) (`2023-10-12T15:28:18.043`)
* [CVE-2023-45160](CVE-2023/CVE-2023-451xx/CVE-2023-45160.json) (`2023-10-12T14:07:03.700`)
* [CVE-2023-44390](CVE-2023/CVE-2023-443xx/CVE-2023-44390.json) (`2023-10-12T14:07:35.723`)
* [CVE-2023-41858](CVE-2023/CVE-2023-418xx/CVE-2023-41858.json) (`2023-10-12T15:25:50.593`)
* [CVE-2023-5487](CVE-2023/CVE-2023-54xx/CVE-2023-5487.json) (`2023-10-12T15:47:43.260`)
* [CVE-2023-5486](CVE-2023/CVE-2023-54xx/CVE-2023-5486.json) (`2023-10-12T15:48:22.557`)
* [CVE-2023-5485](CVE-2023/CVE-2023-54xx/CVE-2023-5485.json) (`2023-10-12T15:48:50.690`)
* [CVE-2023-5484](CVE-2023/CVE-2023-54xx/CVE-2023-5484.json) (`2023-10-12T15:49:06.953`)
* [CVE-2023-5483](CVE-2023/CVE-2023-54xx/CVE-2023-5483.json) (`2023-10-12T15:49:19.497`)
* [CVE-2023-5481](CVE-2023/CVE-2023-54xx/CVE-2023-5481.json) (`2023-10-12T15:49:34.023`)
* [CVE-2023-5479](CVE-2023/CVE-2023-54xx/CVE-2023-5479.json) (`2023-10-12T15:49:54.053`)
* [CVE-2023-5478](CVE-2023/CVE-2023-54xx/CVE-2023-5478.json) (`2023-10-12T15:50:09.673`)
* [CVE-2023-5477](CVE-2023/CVE-2023-54xx/CVE-2023-5477.json) (`2023-10-12T15:50:34.707`)
* [CVE-2023-5476](CVE-2023/CVE-2023-54xx/CVE-2023-5476.json) (`2023-10-12T15:50:51.520`)
* [CVE-2023-21244](CVE-2023/CVE-2023-212xx/CVE-2023-21244.json) (`2023-10-12T16:46:48.953`)
* [CVE-2023-41854](CVE-2023/CVE-2023-418xx/CVE-2023-41854.json) (`2023-10-12T17:07:32.377`)
* [CVE-2023-40556](CVE-2023/CVE-2023-405xx/CVE-2023-40556.json) (`2023-10-12T17:08:39.293`)
* [CVE-2023-35349](CVE-2023/CVE-2023-353xx/CVE-2023-35349.json) (`2023-10-12T17:14:18.920`)
* [CVE-2023-36431](CVE-2023/CVE-2023-364xx/CVE-2023-36431.json) (`2023-10-12T17:14:47.200`)
* [CVE-2023-36433](CVE-2023/CVE-2023-364xx/CVE-2023-36433.json) (`2023-10-12T17:15:55.900`)
* [CVE-2023-44238](CVE-2023/CVE-2023-442xx/CVE-2023-44238.json) (`2023-10-12T17:18:06.573`)
* [CVE-2023-45244](CVE-2023/CVE-2023-452xx/CVE-2023-45244.json) (`2023-10-12T17:23:47.253`)
* [CVE-2023-45239](CVE-2023/CVE-2023-452xx/CVE-2023-45239.json) (`2023-10-12T17:26:02.740`)
* [CVE-2023-36434](CVE-2023/CVE-2023-364xx/CVE-2023-36434.json) (`2023-10-12T17:26:25.127`)
* [CVE-2023-40299](CVE-2023/CVE-2023-402xx/CVE-2023-40299.json) (`2023-10-12T17:32:03.607`)
* [CVE-2023-5366](CVE-2023/CVE-2023-53xx/CVE-2023-5366.json) (`2023-10-12T17:40:07.343`)
* [CVE-2023-5218](CVE-2023/CVE-2023-52xx/CVE-2023-5218.json) (`2023-10-12T17:48:12.617`)
* [CVE-2023-5473](CVE-2023/CVE-2023-54xx/CVE-2023-5473.json) (`2023-10-12T17:48:36.180`)
* [CVE-2023-5474](CVE-2023/CVE-2023-54xx/CVE-2023-5474.json) (`2023-10-12T17:48:55.820`)
* [CVE-2023-5475](CVE-2023/CVE-2023-54xx/CVE-2023-5475.json) (`2023-10-12T17:49:18.290`)
* [CVE-2023-36435](CVE-2023/CVE-2023-364xx/CVE-2023-36435.json) (`2023-10-12T17:50:44.660`)
* [CVE-2023-36126](CVE-2023/CVE-2023-361xx/CVE-2023-36126.json) (`2023-10-12T17:51:05.700`)
* [CVE-2023-36570](CVE-2023/CVE-2023-365xx/CVE-2023-36570.json) (`2023-10-12T17:51:16.540`)
* [CVE-2023-44246](CVE-2023/CVE-2023-442xx/CVE-2023-44246.json) (`2023-10-12T17:52:33.000`)
* [CVE-2023-44240](CVE-2023/CVE-2023-442xx/CVE-2023-44240.json) (`2023-10-12T17:53:06.413`)
* [CVE-2023-44473](CVE-2023/CVE-2023-444xx/CVE-2023-44473.json) (`2023-10-12T17:53:16.280`)
* [CVE-2023-44993](CVE-2023/CVE-2023-449xx/CVE-2023-44993.json) (`2023-10-12T17:53:25.957`)
* [CVE-2023-45612](CVE-2023/CVE-2023-456xx/CVE-2023-45612.json) (`2023-10-12T17:53:41.813`)
* [CVE-2023-45613](CVE-2023/CVE-2023-456xx/CVE-2023-45613.json) (`2023-10-12T17:54:21.100`)
## Download and Usage