Auto-Update: 2023-11-08T19:00:19.410809+00:00

cad-safe-bot 2023-11-08 19:00:23 +00:00
parent 22d04de60d
commit f1132ba131
83 changed files with 4724 additions and 327 deletions


@ -2,8 +2,8 @@
"id": "CVE-2015-0897",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-31T10:15:08.450",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:51:36.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "LINE para Android versi\u00f3n 5.0.2 y anteriores y LINE para iOS versi\u00f3n 5.0.0 y anteriores son vulnerables a ataques MITM (man-in-the-middle) ya que la aplicaci\u00f3n permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un script inyectado por un atacante MITM (man-in-the-middle)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-924"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:line:line:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "5.0.0",
"matchCriteriaId": "D980A5EF-C417-4FEF-987C-0E64C5581CA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:line:line:*:*:*:*:*:android:*:*",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "884285C7-A2A4-40A5-9B68-01DA5D34E69F"
}
]
}
]
}
],
"references": [
{
"url": "http://official-blog.line.me/ja/archives/24809761.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/jp/JVN41281927/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-20110",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T03:15:07.613",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:39:35.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,91 @@
"value": "JHipster generador-jhipster anterior a 2.23.0 permite un ataque de tiempo contra validarToken debido a una comparaci\u00f3n de cadenas que se detiene en el primer car\u00e1cter que es diferente. Los atacantes pueden adivinar fichas forzando bruscamente un personaje a la vez y observando el tiempo. Por supuesto, esto reduce dr\u00e1sticamente el espacio de b\u00fasqueda a una cantidad lineal de conjeturas basadas en la longitud del token multiplicada por los caracteres posibles."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jhipster:jhipster:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.23.0",
"matchCriteriaId": "975D9B1E-D46A-4E51-9190-4A5C1F050EB6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/jhipster/generator-jhipster/issues/2095",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}
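Review bot: The new primary weakness `"value": "CWE-307"` in the second hunk does not match the flaw the description states, which is a token comparison that stops at the first differing character, i.e. a timing side channel. CWE-307 covers missing limits on authentication attempts; the timing leak itself falls under CWE-208 (Observable Timing Discrepancy), a child of CWE-203, so `"value": "CWE-208"` or `"value": "CWE-203"` would fit better. As tagged, a consumer filtering by CWE for side-channel issues would miss this record. The record's opening brace is outside the hunks shown.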


@ -2,16 +2,40 @@
"id": "CVE-2023-20886",
"sourceIdentifier": "security@vmware.com",
"published": "2023-10-31T21:15:08.440",
"lastModified": "2023-11-01T12:51:30.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:17:38.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n"
},
{
"lang": "es",
"value": "La consola VMware Workspace ONE UEM contiene una vulnerabilidad de redireccionamiento abierto. Un actor malintencionado puede redirigir a una v\u00edctima hacia un atacante y recuperar su respuesta SAML para iniciar sesi\u00f3n como el usuario v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -46,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.3.0.2",
"versionEndExcluding": "22.3.0.48",
"matchCriteriaId": "36749A31-1864-45A1-944A-1187FC302985"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.6.0.1",
"versionEndExcluding": "22.6.0.36",
"matchCriteriaId": "D6939CED-5A78-4308-98F5-5C7E0C96ECDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.9.0.1",
"versionEndExcluding": "22.9.0.29",
"matchCriteriaId": "0A73DA2F-EAF9-4004-B27D-69C8C88583C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.12.0.1",
"versionEndExcluding": "22.12.0.20",
"matchCriteriaId": "E4ACC19B-34E5-4E52-B0B5-213A3800AAC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.2.0.1",
"versionEndExcluding": "23.2.0.10",
"matchCriteriaId": "01B5BE21-D245-4FBE-8A4B-325C398A1A23"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0025.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,12 @@
"id": "CVE-2023-22518",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-10-31T15:15:08.573",
"lastModified": "2023-11-07T04:07:02.960",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:49:56.440",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-11-07",
"cisaActionDue": "2023-11-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Improper Authorization Vulnerability",
"descriptions": [
{
"lang": "en",
@ -15,9 +19,31 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
@ -38,14 +64,124 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "7.19.16",
"matchCriteriaId": "3B807590-F41A-4F12-87DF-698D83853191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.20.0",
"versionEndExcluding": "8.3.4",
"matchCriteriaId": "65733215-581D-4F2A-B023-899386A4A59C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.4.0",
"versionEndExcluding": "8.4.4",
"matchCriteriaId": "56B04148-6AE0-4FD2-BD3D-B07A9E62F229"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.3",
"matchCriteriaId": "3660C634-0DB0-40B2-A905-1E00360A53FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05E3896A-C145-44DB-8370-9263A139765D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "7.19.16",
"matchCriteriaId": "3E147060-0403-4D4C-8E87-453077B4C4CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.20.0",
"versionEndExcluding": "8.3.4",
"matchCriteriaId": "06FD0F88-133B-4421-8644-1948FDA2AA65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.4.0",
"versionEndExcluding": "8.4.4",
"matchCriteriaId": "F459BB01-A089-4128-93AD-A71FE3B49E22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.3",
"matchCriteriaId": "5DA741B1-9AA7-42F6-8F50-32FE732D25D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E995F8F6-E9A6-4076-8AE8-38A28A5F58D3"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93142",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
}
]
}
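Review bot: The `source` of the existing `cvssMetricV30` entry changes from the UUID `f08a6ab8-ed46-4c22-8884-d911ccfe3c66` to `security@atlassian.com` while, as far as the hunk shows, the metric itself stays the same. A pipeline that joins or deduplicates metrics on `source` across snapshots will see two different providers for one score, so source identifiers should be normalised on ingestion. The first hunk also adds `cisaExploitAdd` and `cisaActionDue`; consumers that read only `metrics` should pick those fields up as well, since they are the only place in the record where the known-exploited status appears. The `cvssData` of the V30 entry continues outside the hunk.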


@ -2,15 +2,42 @@
"id": "CVE-2023-24410",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T15:15:08.640",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:44:01.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el Contact Form - complemento WPManageNinja LLC Contact Form - complemento Fastest Contact Form Builder para WordPress por Fluent Forms fluentform permite la Inyecci\u00f3n SQL. Este problema afecta al complemento Contact Form - complemento Fastest Contact Form Builder para WordPress por Fluent Forms: desde n/a hasta la versi\u00f3n 4.3.25.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3.25",
"matchCriteriaId": "F08F0CCE-B235-4A55-A78E-1D1E24DA0673"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-31212",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T15:15:08.707",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:47:36.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en el CRM Perks Database para Contact Form 7, WPforms, Elementor forms contact-form-entries permite la Inyecci\u00f3n SQL. Este problema afecta a Database para Contact Form 7, WPforms, Elementor forms: desde n/a hasta la versi\u00f3n 1.3.0.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:database_for_contact_form_7\\,_wpforms\\,_elementor_forms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.3.0",
"matchCriteriaId": "2CDA922C-5154-494A-BD49-72764E5AA8B1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-entries/wordpress-contact-form-entries-plugin-1-3-0-auth-sql-injection-sqli-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
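Review bot: The added primary vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` scores this as unauthenticated, while the slug of the only reference URL reads `...-auth-sql-injection-sqli-vulnerability`, which suggests the advisory describes an authenticated injection. If the advisory confirms that, `"privilegesRequired": "NONE"` would become `"LOW"` or `"HIGH"` and the 9.8 base score would drop; this is inferred from the URL text alone, since the advisory body is not on the page. The same mismatch appears in the CVE-2023-35879 section, where the slug reads `shop-manager-sql-injection` and the vector is again `PR:N`. Triage that sorts on `baseScore` should cross-check both records against the CNA advisory.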


@ -2,8 +2,8 @@
"id": "CVE-2023-32298",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:08.727",
"lastModified": "2023-11-08T16:15:08.727",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-3282",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-11-08T18:15:07.827",
"lastModified": "2023-11-08T18:15:07.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-3282",
"source": "psirt@paloaltonetworks.com"
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-33927",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T15:15:08.773",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:47:41.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin \u2013 MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin \u2013 MPG: from n/a through 3.3.19.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el complemento generador de p\u00e1ginas m\u00faltiples de Themeisle \u2013 MPG generador de m\u00faltiples p\u00e1ginas por puerto permite la Inyecci\u00f3n SQL. Este problema afecta al complemento generador de p\u00e1ginas m\u00faltiples \u2013 MPG: de n /a hasta el 3.3.19.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:multiple_page_generator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.19",
"matchCriteriaId": "6B90B3FA-20D8-49D1-BD72-611294D22E86"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-3-19-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
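Review bot: The added `es` description translates the plugin slug: `multiple-pages-generator-by-porthas` becomes `generador de múltiples páginas por puerto`, and the version range is rendered as `de n /a hasta el 3.3.19`. Anyone searching the Spanish text by product name or slug will not find this record; the slug and product name should stay verbatim as in the `en` value, e.g. `... MPG multiple-pages-generator-by-porthas permite la Inyección SQL`. The CVE-2023-35879 section has the same issue, with the product name Product Vendors rendered as `proveedores de productos`. Matching should rely on `id` and the `cpeMatch` criteria rather than on the localized descriptions.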


@ -2,8 +2,8 @@
"id": "CVE-2023-35767",
"sourceIdentifier": "security@puppet.com",
"published": "2023-11-08T16:15:08.813",
"lastModified": "2023-11-08T16:15:08.813",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,15 +2,42 @@
"id": "CVE-2023-35879",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T15:15:08.837",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:47:46.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en proveedores de productos WooCommerce permite la inyecci\u00f3n SQL. Este problema afecta a los proveedores de productos: desde n/a hasta 2.1.78."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woo:product_vendors:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.78",
"matchCriteriaId": "69AFF4EB-159D-4FB3-B117-87A8A09E5917"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-78-shop-manager-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-36508",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T15:15:08.927",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:47:51.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n/a through 1.7.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en BestWebSoft Contact Form to DB por BestWebSoft \u2013 complemento Messages Database para WordPress contact-form-to-db permite la Inyecci\u00f3n SQL. Este problema afecta a Contact Form to DB por BestWebSoft - complemento Messages Database para WordPress: desde n/a hasta la versi\u00f3n 1.7.1.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestwebsoft:contact_form_to_db:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.1",
"matchCriteriaId": "6C8A3300-EDD2-44F7-AB55-FE8484619B2A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-3676",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-10-31T21:15:08.550",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:42:03.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que pueda crear pods en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si incluyen nodos de Windows."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -46,14 +80,81 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24.17",
"matchCriteriaId": "FF4C81ED-BB69-490B-BABA-89C2501A5E6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.25.0",
"versionEndExcluding": "1.25.13",
"matchCriteriaId": "86AE4580-37A1-4E7B-9B7A-A30316676065"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.8",
"matchCriteriaId": "99BCE3D9-3EFA-4358-B36E-47954DBE28D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.5",
"matchCriteriaId": "3F30AD24-3FA9-4FA8-BCD5-5351EA357B49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "A3FAE518-D5F9-4A7D-A703-1D36EA8A563C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/119339",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37243",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-31T15:15:08.993",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:48:53.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The C:\\Windows\\Temp\\Agent.Package.Availability\\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\\Windows\\Temp\\Agent.Package.Availability folder inherits permissions from C:\\Windows\\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.\n"
},
{
"lang": "es",
"value": "El archivo C:\\Windows\\Temp\\Agent.Package.Availability\\Agent.Package.Availability.exe se inicia autom\u00e1ticamente como SYSTEM cuando se reinicia el sistema. Dado que la carpeta C:\\Windows\\Temp\\Agent.Package.Availability hereda permisos de C:\\Windows\\Temp y Agent.Package.Availability.exe es susceptible al DLL hijacking, los usuarios est\u00e1ndar pueden escribir una DLL maliciosa y elevar sus privilegios.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atera:agent_package_availability:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.15.0.0",
"matchCriteriaId": "494A427C-D840-4169-87A9-8B624116CE3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0010.md",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-37831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T18:15:08.527",
"lastModified": "2023-11-01T12:51:30.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:00:34.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted."
},
{
"lang": "es",
"value": "Un problema descubierto en el transmisor FM Elenos ETG150 v3.12 permite a los atacantes enumerar cuentas de usuario en funci\u00f3n de las respuestas del servidor cuando se env\u00edan las credenciales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elenos:etg150_firmware:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC76559-2E3D-4749-A709-F8735AFCA18B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elenos:etg150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "202EBB13-21FD-4F02-A3F7-A9980EB6EDDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strik3r0x1/Vulns/blob/main/User%20enumeration%20-%20Elenos.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
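Review bot: The primary weakness added in the `weaknesses` block is `NVD-CWE-noinfo`, although the English description in the same record names the flaw precisely: account enumeration from differing server responses when credentials are submitted. With that placeholder, CWE-based filtering and reporting will not surface this entry alongside other enumeration issues. A mapping such as `"value": "CWE-203"` (Observable Discrepancy) would match the description. The value originates from NVD analysis, so the correction belongs upstream; consumers of this mirror may want a local override until then.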


@ -2,19 +2,91 @@
"id": "CVE-2023-37832",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T18:15:08.567",
"lastModified": "2023-11-01T12:51:30.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:16:33.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n tasa en el transmisor FM Elenos ETG150 v3.12 permite a los atacantes obtener credenciales de usuario mediante fuerza bruta y causar otros impactos no especificados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elenos:etg150_firmware:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC76559-2E3D-4749-A709-F8735AFCA18B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elenos:etg150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "202EBB13-21FD-4F02-A3F7-A9980EB6EDDB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/strik3r0x1/Vulns/blob/main/Lack%20of%20resources%20and%20rate%20limiting%20-%20Elenos.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-37966",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T15:15:09.153",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:49:49.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el registro de actividad del usuario de Solwin Infotech user-activity-log permite la inyecci\u00f3n SQL. Este problema afecta el registro de actividad del usuario: desde n/a hasta 1.6.2."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.2",
"matchCriteriaId": "732A8AF1-22BE-44DB-9E21-8AE537221D0C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/user-activity-log/wordpress-user-activity-log-plugin-1-6-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,92 @@
"id": "CVE-2023-39610",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T21:15:08.507",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:23:17.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request."
},
{
"lang": "es",
"value": "Un problema en TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) y anteriores permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante el suministro de una solicitud web manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_c100_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.15",
"matchCriteriaId": "397A5647-578D-4155-8D58-77093EC48C93"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_c100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2654082E-60FA-48F9-B69C-0D334C91EA53"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-3955",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-10-31T21:15:08.613",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:29:32.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si incluyen nodos de Windows."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -46,14 +80,81 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24.17",
"matchCriteriaId": "FF4C81ED-BB69-490B-BABA-89C2501A5E6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.25.0",
"versionEndExcluding": "1.25.13",
"matchCriteriaId": "86AE4580-37A1-4E7B-9B7A-A30316676065"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.8",
"matchCriteriaId": "99BCE3D9-3EFA-4358-B36E-47954DBE28D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.5",
"matchCriteriaId": "3F30AD24-3FA9-4FA8-BCD5-5351EA357B49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "A3FAE518-D5F9-4A7D-A703-1D36EA8A563C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/119595",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Technical Description"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40050",
"sourceIdentifier": "security@progress.com",
"published": "2023-10-31T15:15:09.227",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:34:25.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Cargue el perfil a trav\u00e9s de API o interfaz de usuario en Chef Automate antes de la versi\u00f3n 4.10.29 incluida utilizando el comando de verificaci\u00f3n InSpec con un perfil creado con fines malintencionados que permite la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -50,18 +84,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.10.29",
"matchCriteriaId": "906C8F59-E452-439A-873A-955FC0BCFF02"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://docs.chef.io/automate/profiles/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
},
{
"url": "https://docs.chef.io/release_notes_automate/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,19 +2,160 @@
"id": "CVE-2023-42634",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-11-01T10:15:09.660",
"lastModified": "2023-11-01T12:51:08.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:46:03.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En las herramientas de validaci\u00f3n, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}
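Review bot: The reference URL kept in the `references` block repeats its own prefix (`https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/...`), and this update tags it `Vendor Advisory` without correcting it. The intended link is presumably `https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857`; as written, tooling that validates or fetches advisory links is likely to fail on it. The same doubled URL appears in the CVE-2023-42640 section that follows. The value is supplied by the CNA, so it should be reported upstream rather than patched only in this mirror.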


@ -2,19 +2,160 @@
"id": "CVE-2023-42640",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-11-01T10:15:09.950",
"lastModified": "2023-11-01T12:51:03.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:45:28.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En las herramientas de validaci\u00f3n, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1719615756246777857",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42658",
"sourceIdentifier": "security@progress.com",
"published": "2023-10-31T15:15:09.393",
"lastModified": "2023-10-31T16:15:09.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:38:06.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile."
},
{
"lang": "es",
"value": "El comando de archivo en Chef InSpec anteriores a 4.56.58 y 5.22.29 permite la ejecuci\u00f3n de comandos locales a trav\u00e9s de un perfil creado con fines malintencionados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -50,18 +84,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chef:inspec:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.56.58",
"matchCriteriaId": "F8BBB3EE-3009-4381-B417-702742CA2A14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chef:inspec:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.22.29",
"matchCriteriaId": "E1C87BF9-A413-4F80-8F0D-58778D58740C"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://docs.chef.io/inspec/cli/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://docs.chef.io/release_notes_inspec/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
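Review bot: The tags added to the `https://docs.chef.io/inspec/cli/` reference mark a general CLI documentation page as `Vendor Advisory`, while the comparable `docs.chef.io` page in the CVE-2023-40050 record on this page is tagged `Product`. Triage tooling that keys on `Vendor Advisory` to find remediation guidance would be pointed at generic documentation here. Tagging it `"Product"` would keep the two records consistent and leave the Progress bulletin as the advisory entry. The release-notes reference carries `Vendor Advisory` in addition to `Release Notes` in this record only; the same consistency question applies there.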


@ -2,8 +2,8 @@
"id": "CVE-2023-4250",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:11.857",
"lastModified": "2023-11-07T04:22:22.103",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T17:29:46.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento EventPrime de WordPress anterior a 3.2.0 no sanitiza ni escapa algunos par\u00e1metros antes de devolverlos a la p\u00e1gina, lo que genera un Cross-Site Scripting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "FF289323-7035-441E-BA12-A1E5076148B7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9c271619-f478-45c3-91d9-be0f55ee06a2",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4251",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:11.920",
"lastModified": "2023-11-07T04:22:22.287",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T17:29:20.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento EventPrime WordPress anterior a 3.2.0 no tiene comprobaciones CSRF al crear reservas, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados creen reservas no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "FF289323-7035-441E-BA12-A1E5076148B7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43139",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T05:15:58.353",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:45:06.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,83 @@
"value": "Un problema en franfinance anterior a v.2.0.27 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes validation.php y controllers/front/validation.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:franfinance:franfinance:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "2.0.27",
"matchCriteriaId": "A5DF1809-C656-417B-9772-4FE14F993009"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:franfinance:franfinance:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "AF68CC02-D250-43A4-AD3D-FD7AF7602DD0"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/25/franfinance.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
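Review bot: The two `configurations` entries added here overlap: both use the same `criteria` string, and the first range (`"versionEndExcluding": "2.0.27"`) has no lower bound, so it already contains everything matched by the second (`"versionEndExcluding": "1.9.0"`). If the second entry is meant to express a separately fixed older branch, the first range presumably needs a `versionStartIncluding` bound. Without one, any release between 1.9.0 and 2.0.27 is reported as vulnerable regardless of branch. If no such branch exists, the second node is redundant and can be dropped. The hunk does not show which reading is intended, so this should be checked against the referenced Friends of Presta advisory.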


@ -2,19 +2,78 @@
"id": "CVE-2023-43295",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T21:15:08.677",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:29:14.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Request Forgery en Click Studios (SA) Pty Ltd. Passwordstate v.Build 9785 y anteriores permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickstudios:passwordstate:9.7:build_9785:*:*:*:-:*:*",
"matchCriteriaId": "F4A6639C-D7C7-4DBF-BFD6-96346115C039"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.clickstudios.com.au/security/advisories/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
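Review bot: The added `cpeMatch` entry pins a single version (`passwordstate:9.7:build_9785`), while the description in the same record says "Build 9785 and before", so inventory matching on this CPE will miss earlier builds that the description declares affected. A wildcard version with an end-inclusive bound at that build would cover the stated range. Separately, the description speaks of a local attacker executing arbitrary code, whereas the added vector is `AV:N/.../C:N/I:L/A:N` with a base score of 3.5. One of the two presumably overstates or understates the impact, and teams prioritising on score alone should read the vendor advisory before accepting LOW.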


@ -2,16 +2,40 @@
"id": "CVE-2023-43796",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T17:15:23.270",
"lastModified": "2023-11-01T12:51:30.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:59:11.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.\n"
},
{
"lang": "es",
"value": "Synapse es un servidor dom\u00e9stico Matrix de c\u00f3digo abierto. Antes de las versiones 1.95.1 y 1.96.0rc1, la informaci\u00f3n del dispositivo almacenado en cach\u00e9 de usuarios remotos se puede consultar desde Synapse. Esto se puede utilizar para enumerar los usuarios remotos conocidos por un servidor dom\u00e9stico. Se recomienda a los administradores del sistema que actualicen a Synapse 1.95.1 o 1.96.0rc1 para recibir un parche. Como workaround, se puede utilizar `federation_domain_whitelist` para limitar el tr\u00e1fico de federaci\u00f3n con un servidor dom\u00e9stico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.95.1",
"matchCriteriaId": "F205A9BF-C734-415C-A9D9-84E721A53C07"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4390",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:11.990",
"lastModified": "2023-11-07T04:22:30.867",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T17:28:21.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Popup box de WordPress anterior a 3.7.2 no sanitiza ni escapa de algunos campos emergentes, lo que podr\u00eda permitir a usuarios con altos privilegios, como un administrador, inyectar scripts web arbitrarios incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.2",
"matchCriteriaId": "948EC5E5-92E2-40DA-BD8F-585CE635C4F0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9fd2eb81-185d-4d42-8acf-925664b7cb2f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-44484",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-31T22:15:08.720",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:50:56.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
},
{
"lang": "es",
"value": "Online Blood Donation Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting Almacenado. El par\u00e1metro 'firstName' del recurso users/register.php se copia en el documento users/member.php como texto plano entre etiquetas. Cualquier entrada se repite sin modificaciones en la respuesta de users/member.php."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_blood_donation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701BFB6E-6D79-4B4E-BECA-7C718338AF23"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/carpenter/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-44485",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-31T22:15:08.793",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:50:40.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'lastName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
},
{
"lang": "es",
"value": "Online Blood Donation Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting Almacenado. El par\u00e1metro 'lastName' del recurso users/register.php se copia en el documento users/member.php como texto plano entre etiquetas. Cualquier entrada se repite sin modificaciones en la respuesta de users/member.php."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_blood_donation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701BFB6E-6D79-4B4E-BECA-7C718338AF23"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/carpenter/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-44486",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-31T22:15:08.867",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:50:22.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
},
{
"lang": "es",
"value": "Online Blood Donation Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting Almacenado. El par\u00e1metro 'address' del recurso users/register.php se copia en el documento users/member.php como texto plano entre etiquetas. Cualquier entrada se repite sin modificaciones en la respuesta de users/member.php."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_blood_donation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701BFB6E-6D79-4B4E-BECA-7C718338AF23"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/carpenter/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45140",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T16:15:09.800",
"lastModified": "2023-11-08T16:15:09.800",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45319",
"sourceIdentifier": "security@puppet.com",
"published": "2023-11-08T16:15:10.000",
"lastModified": "2023-11-08T16:15:10.000",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45672",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.697",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:46:22.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.13.0",
"matchCriteriaId": "C4732404-ED83-4426-AAA2-7BA34EDDD6BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C166CCC4-B65F-467C-B9C7-716181142D21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "950A7EE4-7B30-482E-824D-81BD4DC707F2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
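Review bot: In the added `configurations` block, the wildcard entry carries `"versionEndIncluding": "0.13.0"` and is followed by separate `0.13.0:beta1` and `0.13.0:beta2` entries, which reads as if only the prereleases were meant to be covered. With the inclusive bound, a scanner will also report the final 0.13.0 release as vulnerable. If the fix shipped before that release, the bound should be exclusive: `"versionEndExcluding": "0.13.0"`. The description lies outside these hunks, so this cannot be confirmed here and is worth checking against the GHSA-qp3h-4q62-p428 advisory referenced at the end of the record.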


@ -2,8 +2,8 @@
"id": "CVE-2023-45849",
"sourceIdentifier": "security@puppet.com",
"published": "2023-11-08T16:15:10.193",
"lastModified": "2023-11-08T16:15:10.193",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-46138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:10.023",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:41:09.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.0",
"matchCriteriaId": "2334238D-3986-4AB5-BA6B-89EC14810634"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/commit/15a5dda9e0cdbe2ac618a6b2a09df8928f485c88",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-9mrc-75cv-46cq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
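Review bot: The project's own advisory, `https://github.com/jumpserver/jumpserver/security/advisories/GHSA-9mrc-75cv-46cq`, is tagged `"Third Party Advisory"` in the last hunk. The other GHSA advisories in this commit that are hosted in the affected project's repository are tagged `"Vendor Advisory"`. Tooling that ranks or filters references by the vendor tag will treat this one as a lower-trust source. The CPE vendor here is `fit2cloud`, which may be why the GitHub organisation was classed as a third party. If that is not intended, the tag line should read `"Vendor Advisory"`.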


@ -2,16 +2,40 @@
"id": "CVE-2023-46235",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T15:15:09.547",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:38:55.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard."
},
{
"lang": "es",
"value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Antes de la versi\u00f3n 1.5.10.15, debido a la falta de sanitizaci\u00f3n de solicitudes en los registros, una solicitud maliciosa que conten\u00eda XSS se almacenaba en un archivo de registro. Cuando un administrador del servidor FOG iniciaba sesi\u00f3n y ve\u00eda los registros, se analizaban como HTML y se mostraban en consecuencia. La versi\u00f3n 1.5.10.15 contiene un parche. Como workaround, vea los registros desde un editor de texto externo en lugar del panel."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +84,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.10.15",
"matchCriteriaId": "F2F264CF-2217-418C-91D2-5BF2028C3EB0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FOGProject/fogproject/commit/2e2421f19620669b9930f72fb73a8dbc5efe4980",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-cvf7-7mvq-5694",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46236",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T15:15:09.630",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:47:50.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."
},
{
"lang": "es",
"value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Antes de la versi\u00f3n 1.5.10, una vulnerabilidad de server-side-request-forgery (SSRF) permit\u00eda a un usuario no autenticado activar una solicitud GET como servidor para un endpoint y un esquema de URL arbitrarios. Esto tambi\u00e9n permite el acceso remoto a archivos visibles para el grupo de usuarios de Apache. Otros impactos var\u00edan seg\u00fan la configuraci\u00f3n del servidor. La versi\u00f3n 1.5.10 contiene un parche."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.10",
"matchCriteriaId": "F0A79C05-662C-4102-B8D5-7FCA7C19A1C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46237",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T15:15:09.707",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:41:11.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue."
},
{
"lang": "es",
"value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Antes de la versi\u00f3n 1.5.10, los usuarios no autenticados pod\u00edan acceder a un endpoint destinado a ofrecer capacidades de enumeraci\u00f3n limitadas a usuarios autenticados. Esto permiti\u00f3 a los usuarios no autenticados descubrir archivos y sus respectivas rutas que eran visibles para el grupo de usuarios de Apache. La versi\u00f3n 1.5.10 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.10",
"matchCriteriaId": "F0A79C05-662C-4102-B8D5-7FCA7C19A1C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46248",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:09.777",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:49:04.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user's machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can't promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded."
},
{
"lang": "es",
"value": "Cody es un asistente de codificaci\u00f3n de inteligencia artificial (IA). Las versiones de la extensi\u00f3n Cody AI VSCode 0.10.0 a 0.14.0 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo bajo ciertas condiciones. Un atacante que tenga el control de un repositorio malicioso podr\u00eda modificar el archivo de configuraci\u00f3n de Cody `.vscode/cody.json` y sobrescribir los comandos de Cody. Si un usuario con la extensi\u00f3n instalada abre este repositorio malicioso y ejecuta un comando Cody como /explain o /doc, esto podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina del usuario. La vulnerabilidad est\u00e1 clasificada como de gravedad cr\u00edtica, pero con baja explotabilidad. Requiere que el usuario tenga cargado un repositorio malicioso y ejecute el comando sobrescrito en VS Code. El problema se puede explotar independientemente de que el usuario bloquee la ejecuci\u00f3n del c\u00f3digo en un repositorio a trav\u00e9s de VS Code Workspace Trust. El problema se encontr\u00f3 durante una prueba de penetraci\u00f3n habitual de terceros. Los mantenedores de Cody no tienen evidencia de que los repositorios de c\u00f3digo abierto tengan archivos maliciosos `.vscode/cody.json` para explotar esta vulnerabilidad. El problema se solucion\u00f3 en la versi\u00f3n 0.14.1 de la extensi\u00f3n Cody VSCode. En caso de que los usuarios no puedan actualizar r\u00e1pidamente, no deben abrir ning\u00fan repositorio que no sea de confianza con la extensi\u00f3n Cody cargada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sourcegraph:cody:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.10.0",
"versionEndIncluding": "0.14.0",
"matchCriteriaId": "D70F86B8-E8B8-4C28-9AFF-688A3CD4EF34"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sourcegraph/cody/pull/1414",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/sourcegraph/cody/security/advisories/GHSA-8wmq-fwv7-xmwq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
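Review bot: The added primary vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` does not line up with the description a few lines above it. The description requires the victim to open a malicious repository and run a Cody command, which would normally be scored `UI:R`, and it does not appear to describe an attacker privilege on the target that `PR:L` would stand for. The resulting 8.8 therefore probably overstates exploitability relative to the text, which itself says "critical severity, but with low exploitability". The Secondary metric from the CNA is cut off by the hunk boundary, so the two scores cannot be compared here. Anyone prioritising on this record should read that one as well.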


@ -2,16 +2,40 @@
"id": "CVE-2023-46249",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:09.853",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:50:18.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users' password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user, and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin."
},
{
"lang": "es",
"value": "authentik es un proveedor de identidades de c\u00f3digo abierto. Antes de las versiones 2023.8.4 y 2023.10.2, cuando se eliminaba el usuario administrador predeterminado, era posible que un atacante estableciera la contrase\u00f1a del usuario administrador predeterminado sin ninguna autenticaci\u00f3n. authentik utiliza un modelo para crear el usuario administrador predeterminado, que tambi\u00e9n puede establecer opcionalmente la contrase\u00f1a de los usuarios administradores predeterminados desde una variable de entorno. Cuando se elimina el usuario, el flujo de \"configuraci\u00f3n inicial\" utilizado para configurar authentik despu\u00e9s de la primera instalaci\u00f3n vuelve a estar disponible. authentik 2023.8.4 y 2023.10.2 solucionan este problema. Como workaround, aseg\u00farese de que el usuario administrador predeterminado (nombre de usuario `akadmin`) exista y tenga una contrase\u00f1a establecida. Se recomienda utilizar una contrase\u00f1a muy segura para este usuario y guardarla en un lugar seguro como un administrador de contrase\u00f1as. Tambi\u00e9n es posible desactivar el usuario para evitar inicios de sesi\u00f3n como akaadmin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,26 +80,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.8.4",
"matchCriteriaId": "5889E9B4-DDA1-474A-A1AB-1483E2F5FDE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.10.0",
"versionEndExcluding": "2023.10.2",
"matchCriteriaId": "AA3E7BC0-8AEE-4861-949A-86818D17DEFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/goauthentik/authentik/commit/261879022d25016d58867cf1f24e90b81ad618d0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/goauthentik/authentik/commit/ea75741ec22ecef34bc7073f1163e17a8a2bf9fc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjvp-29xq-f62w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
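Review bot: The added Spanish description ends with "como akaadmin", but the account name given earlier in the same string and in the English text is `akadmin`. The workaround tells operators to make sure that specific user exists, has a password set, or is deactivated, so the misspelling can send a reader looking for an account that does not exist. The last word of the `es` value should read `akadmin`.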


@ -2,16 +2,40 @@
"id": "CVE-2023-46250",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:09.930",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:51:08.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`."
},
{
"lang": "es",
"value": "pypdf es una librer\u00eda de PDF pura de Python gratuita y de c\u00f3digo abierto. Un atacante que utilice una vulnerabilidad presente en las versiones 3.7.0 a 3.16.4 puede crear un PDF que genere un bucle infinito. Este bucle infinito bloquea el proceso actual y puede utilizar un solo n\u00facleo de la CPU al 100%. No afecta el uso de la memoria. Ese es, por ejemplo, el caso cuando el usuario de pypdf manipula un PDF malicioso entrante, por ejemplo fusion\u00e1ndolo con otro PDF o agregando anotaciones. El problema se solucion\u00f3 en la versi\u00f3n 3.17.0. Como workaround, aplique el parche manualmente modificando `pypdf/generic/_data_structures.py`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.17.0",
"matchCriteriaId": "FC5F9A57-7CED-4B60-89E9-B33B91496624"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/py-pdf/pypdf/pull/2264",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46255",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:10.007",
"lastModified": "2023-11-02T17:15:11.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:52:06.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:authzed:spicedb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.27.0",
"matchCriteriaId": "1339CD3F-78E6-4CCC-B453-9ED4AC5C8F6E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/authzed/spicedb/commit/ae50421b80f895e4c98d999b18e06b6f1e6f1cf8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-jg7w-cxjv-98c2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46256",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:10.080",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:53:06.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available."
},
{
"lang": "es",
"value": "PX4-Autopilot proporciona una soluci\u00f3n de control de vuelo PX4 para drones. En las versiones 1.14.0-rc1 y anteriores, PX4-Autopilot tiene una vulnerabilidad de desbordamiento del b\u00fafer de mont\u00f3n en la funci\u00f3n del analizador debido a la ausencia de verificaci\u00f3n del valor `parserbuf_index`. Un mal funcionamiento del dispositivo sensor puede provocar un desbordamiento del b\u00fafer de almacenamiento din\u00e1mico, lo que provocar\u00e1 un comportamiento inesperado del dron. Las aplicaciones maliciosas pueden aprovechar la vulnerabilidad incluso si no se produce un mal funcionamiento del sensor del dispositivo. Hasta el valor m\u00e1ximo de un `unsigned int`, se pueden escribir datos de tama\u00f1o de bytes en el \u00e1rea de memoria del mont\u00f3n. Al momento de la publicaci\u00f3n, no hay ninguna versi\u00f3n fija disponible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +84,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.13.3",
"matchCriteriaId": "78D98550-9561-4A71-9D2F-1BCE023C983D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1F0BC4DF-E761-446E-917E-D9313606B783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FAD25F65-00AF-418E-9B14-87893CA453F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37546352-3A66-483D-93CB-90F474E683B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,92 @@
"id": "CVE-2023-46484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T21:15:08.777",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:41:43.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function."
},
{
"lang": "es",
"value": "Un problema en TOTOlink X6000R V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n setLedCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/10/29/x6000r/setLedCfg/TOTOlink%20X6000R%20setLedCfg%20e/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-46485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T21:15:08.817",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:41:18.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component."
},
{
"lang": "es",
"value": "Un problema en TOTOlink X6000R V9.4.0cu.852_B20230719 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n setTracerouteCfg del componente stecgi.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/10/29/x6000r/TOTOlink%20X6000R%20V9.1.0cu.2350_B20230313-rsetTracerouteCfg/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
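Review bot: The firmware `cpeMatch` added under `configurations` pins the single build `9.4.0cu.852_b20230719`, while the only entry in `references` carries `V9.1.0cu.2350_B20230313` in its URL path. If that write-up was produced against the older build (the URL alone does not settle it), exact-version matching on this CPE would report devices on the 9.1.0 build as unaffected for an issue scored 9.8. This is worth raising with the upstream record so the affected range is either confirmed as one build or widened. Until then, triage should not treat other X6000R firmware builds as cleared on the strength of this entry.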


@ -2,8 +2,8 @@
"id": "CVE-2023-46613",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.367",
"lastModified": "2023-11-08T16:15:10.367",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-46621",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.470",
"lastModified": "2023-11-08T16:15:10.470",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-46626",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.610",
"lastModified": "2023-11-08T16:15:10.610",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-46627",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.690",
"lastModified": "2023-11-08T16:15:10.690",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-46640",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.763",
"lastModified": "2023-11-08T16:15:10.763",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,32 @@
{
"id": "CVE-2023-46642",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T17:15:07.780",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <=\u00a01.2.2 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sahu-tiktok-pixel/wordpress-sahu-tiktok-pixel-for-e-commerce-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-46643",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T17:15:07.860",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <=\u00a03.2.0 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cloudnet-sync/wordpress-cloudnet360-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46722",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:10.157",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:53:25.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually."
},
{
"lang": "es",
"value": "El paquete Pimcore Admin Classic proporciona una interfaz de usuario de backend para Pimcore. Antes de la versi\u00f3n 1.2.0, una vulnerabilidad de cross-site scripting ten\u00eda el potencial de robar la cookie de un usuario y obtener acceso no autorizado a la cuenta de ese usuario a trav\u00e9s de la cookie robada o redirigir a los usuarios a otros sitios maliciosos. Los usuarios deben actualizar a la versi\u00f3n 1.2.0 para recibir un parche o, como workaround, aplicar el parche manualmente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +84,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "855E0DB7-DE80-4A9F-96C2-71E4D3AC7CC9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46723",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T16:15:10.233",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:54:38.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`."
},
{
"lang": "es",
"value": "lte-pic32-writer es un escritor para dispositivos PIC32. En las versiones 0.0.1 y anteriores, quienes usan `sendto.txt` son vulnerables a los atacantes que conocen el IMEI al leer el sendto.txt. El archivo sendto.txt puede contener la URL SNS (como slack y zulip) y la clave API. Al momento de la publicaci\u00f3n, a\u00fan no hay ning\u00fan parche disponible. Como workarounds, evite usar `sendto.txt` o use `.htaccess` para bloquear el acceso a `sendto.txt`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pajip:lte-pic32-writer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.3",
"matchCriteriaId": "1F94643F-9864-43BF-90F7-395B0920146C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/paijp/lte-pic32-writer/security/advisories/GHSA-9qgg-ph2v-v4mh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
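Review bot: The `cpeMatch` entry added under `configurations` disagrees with the rest of this record in two places. Its vendor field is `pajip`, while the advisory URL in `references` sits under `github.com/paijp`. Its `"versionEndExcluding": "0.0.3"` is also wider than the "versions 0.0.1 and prior" given in the English description, which adds that no patch was available at publication. Because this file mirrors upstream analysis, the correction belongs in the upstream record rather than a local edit. Until it is fixed, matching keyed on the CPE vendor string may miss installs inventoried under the repository owner's spelling, and the affected range is better taken from the vendor advisory.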


@ -2,19 +2,91 @@
"id": "CVE-2023-46992",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T15:15:09.787",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:41:49.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages."
},
{
"lang": "es",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 es vulnerable a un control de acceso incorrecto. Los atacantes pueden restablecer varias contrase\u00f1as cr\u00edticas sin autenticaci\u00f3n visitando p\u00e1ginas espec\u00edficas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-46993",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T15:15:09.830",
"lastModified": "2023-10-31T15:35:00.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:44:33.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection."
},
{
"lang": "es",
"value": "En TOTOLINK A3300R V17.0.0cu.557_B20221024, cuando se trata de la solicitud setLedCfg, no hay verificaci\u00f3n para el par\u00e1metro enable, lo que puede provocar la inyecci\u00f3n de un comando."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47107",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T16:15:10.833",
"lastModified": "2023-11-08T16:15:10.833",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-47174",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.313",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:55:32.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Thorn SFTP gateway 3.4.x anterior a 3.4.4 utiliza Pivotal Spring Framework para la deserializaci\u00f3n de datos no confiables en Java, que no es compatible con Pivotal, un problema relacionado con CVE-2016-1000027. Adem\u00e1s, dentro del contexto espec\u00edfico de Thorn SFTP gateway, esto conduce a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0",
"versionEndExcluding": "3.4.4",
"matchCriteriaId": "187C103E-583A-451A-B0F4-73A10E44BD3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:thorntech:sftp_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAACFFF1-8535-470D-8C01-E4F979798CA9"
}
]
}
]
}
],
"references": [
{
"url": "https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
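Review bot: The new `configurations` block models the product as firmware on a hardware device: `cpe:2.3:o:thorntech:sftp_gateway_firmware` is ANDed with a non-vulnerable `cpe:2.3:h:thorntech:sftp_gateway`. The vendor reference path (`sftp-gateway-gcp-3.0`) suggests a software deployment on a cloud platform rather than an appliance. If that reading is right, asset inventories that record it as an application will not match this entry, and a deserialization issue scored 9.8 would go unflagged. Consumers of this record may want an additional name-and-version match for 3.4.0 up to but excluding 3.4.4 until the CPE modelling is confirmed upstream.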


@ -0,0 +1,28 @@
{
"id": "CVE-2023-47379",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-08T17:15:07.937",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/microweber/microweber/blob/master/CHANGELOG.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00",
"source": "cve@mitre.org"
},
{
"url": "https://www.getastra.com/blog/security-audit/stored-xss-vulnerability/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47397",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-08T16:15:11.017",
"lastModified": "2023-11-08T16:15:11.017",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-4823",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.103",
"lastModified": "2023-11-07T04:23:00.630",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:25:51.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento WP Meta and Date Remover de WordPress anterior a 2.2.0 proporciona un endpoint AJAX para configurar los ajustes del complemento. Este endpoint no tiene comprobaciones de capacidad y no sanitiza la entrada del usuario, que luego se genera sin escape. Permitir que cualquier usuario autenticado, como el suscriptor, los cambie y realice Cross-Site Scripting almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prasadkirpekar:wp_meta_and_date_remover:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "CBDAB5ED-0F62-45A5-8F3C-84A1D73646B2"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4836",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.160",
"lastModified": "2023-11-07T04:23:01.023",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:30:46.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "El complemento WordPress File Sharing Plugin de WordPress anterior a 2.0.5 no verifica la autorizaci\u00f3n antes de mostrar archivos y carpetas, lo que permite a los usuarios obtener acceso a los archivados manipulando ID que pueden ser f\u00e1cilmente forzados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.5",
"matchCriteriaId": "49FC51E7-C463-4DD0-918A-8660105FFF12"
}
]
}
]
}
],
"references": [
{
"url": "https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5098",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.230",
"lastModified": "2023-11-07T04:23:27.247",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:33:48.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Campaign Monitor Forms by Optin Cat de WordPress anterior a 2.5.6 no impide que los usuarios con privilegios bajos (como suscriptores) sobrescriban cualquier opci\u00f3n en un sitio con la cadena \"true\", lo que podr\u00eda conducir a una variedad de resultados, incluido DoS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fatcatapps:campaign_monitor_optin_cat:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.6",
"matchCriteriaId": "3FF7B9FD-A9F1-4D1A-AFF4-04886F7527BC"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3167a83c-291e-4372-a42e-d842205ba722",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5136",
"sourceIdentifier": "security@ni.com",
"published": "2023-11-08T16:15:11.067",
"lastModified": "2023-11-08T16:15:11.067",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-5211",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.297",
"lastModified": "2023-11-07T04:23:36.583",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:34:40.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Fattura24 de WordPress anterior a 6.2.8 no sanitiza ni escapa del par\u00e1metro 'id' antes de devolverlo a la p\u00e1gina, lo que genera una vulnerabilidad de Cross-Site Scripting reflejada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fattura24:fattura24:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.2.8",
"matchCriteriaId": "D17EB17D-12A4-4580-92BC-A3F8775A031F"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/aa868380-cda7-4ec6-8a3f-d9fa692908f2",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5229",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.363",
"lastModified": "2023-11-07T04:23:38.277",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:35:10.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento E2Pdf de WordPress anterior a la versi\u00f3n 1.20.20 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados realizar ataques de Cross-Site Scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.20.20",
"matchCriteriaId": "FBAD6B3C-C294-4EC4-B794-A99D336D04C0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fb6ce636-9e0d-4c5c-bb95-dde1d2581245",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5237",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.453",
"lastModified": "2023-11-07T04:23:39.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:36:19.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "El complemento Memberlite Shortcodes de WordPress anterior a 1.3.9 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a la p\u00e1gina, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de Cross-Site Scripting almacenados que podr\u00edan usarse contra usuarios con altos privilegios como administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strangerstudios:memberlite_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.9",
"matchCriteriaId": "B046331D-717E-454A-A233-0A7459AE7775"
}
]
}
]
}
],
"references": [
{
"url": "https://research.cleantalk.org/cve-2023-5237-memberlite-shortcodes-stored-xss-via-shortcode",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/a46d686c-6234-4aa8-a656-00a65c55d0b0",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5238",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.557",
"lastModified": "2023-11-07T04:23:39.357",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:37:35.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento EventPrime de WordPress anterior a 3.2.0 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera una inyecci\u00f3n de HTML en el complemento en el \u00e1rea de b\u00fasqueda del sitio web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "FF289323-7035-441E-BA12-A1E5076148B7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/47a5fbfd-f47c-4356-8567-b29dadb48423",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5243",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.633",
"lastModified": "2023-11-07T04:23:39.807",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:40:41.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Login Screen Manager de WordPress hasta la versi\u00f3n 3.5.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:login_screen_manager_project:login_screen_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5.2",
"matchCriteriaId": "E042D3A7-7AA5-424A-97C2-08EAD49572F2"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ad895200-a03a-4e92-b256-d6991547d38a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5306",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-10-31T22:15:08.933",
"lastModified": "2023-11-01T12:51:21.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:50:01.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
},
{
"lang": "es",
"value": "Online Blood Donation Management System v1.0 es afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting Almacenado. El par\u00e1metro 'city' del recurso users/register.php se copia en el documento users/member.php como texto plano entre etiquetas. Cualquier entrada se repite sin modificaciones en la respuesta de users/member.php."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_blood_donation_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701BFB6E-6D79-4B4E-BECA-7C718338AF23"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/carpenter/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5307",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.713",
"lastModified": "2023-11-07T04:23:52.393",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:41:12.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "El complemento Photos and Files Contest Gallery de WordPress anterior a 21.2.8.1 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting a trav\u00e9s de ciertos encabezados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "21.2.8.1",
"matchCriteriaId": "ED3B8B77-3C6F-42E7-B14A-E6D47C0E4F5F"
}
]
}
]
}
],
"references": [
{
"url": "https://research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/6fac1e09-21ab-430d-b56d-195e7238c08c",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5360",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.773",
"lastModified": "2023-11-07T04:23:56.610",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:41:39.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento Royal Elementor Addons and Templates de WordPress anterior a 1.3.79 no valida correctamente los archivos cargados, lo que podr\u00eda permitir a usuarios no autenticados cargar archivos arbitrarios, como PHP y lograr RCE."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.79",
"matchCriteriaId": "375665EA-8AA1-4209-977B-3381B517CC0F"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5458",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.833",
"lastModified": "2023-11-07T04:24:01.630",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:42:44.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento CITS Support svg, webp Media y TTF,OTF File Upload WordPress anterior a 3.0 no sanitiza los archivos SVG cargados, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como Autor cargar un SVG malicioso que contenga payloads XSS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashik:cits_support_svg\\,_webp_media_and_ttf\\,otf_file_upload:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0",
"matchCriteriaId": "904A2885-1AF5-4AA0-95B4-06793BB009F6"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/47d15f1c-b9ca-494d-be8f-63c30e92f9b8",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5519",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-31T14:15:12.893",
"lastModified": "2023-11-07T04:24:06.937",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T18:43:21.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El complemento EventPrime WordPress anterior a 3.2.0 no tiene comprobaciones CSRF al crear reservas, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados creen reservas no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "FF289323-7035-441E-BA12-A1E5076148B7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,113 @@
"id": "CVE-2023-5739",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-10-31T16:15:10.307",
"lastModified": "2023-10-31T17:07:44.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T17:57:37.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege."
},
{
"lang": "es",
"value": "Ciertas versiones HP PC Hardware Diagnostics de Windows son potencialmente vulnerables a la elevaci\u00f3n de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:image_assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.8",
"matchCriteriaId": "08444069-75CB-42FE-A21C-060F20285063"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:pc_hardware_diagnostics:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "2.4.0.0",
"matchCriteriaId": "5C2B46A8-C9B0-4662-9516-7AD35022E34E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:thunderbolt_dock_g2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EC217D-43A5-444E-B702-2A7F16D023F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:thunderbolt_dock_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE30002-9E4A-48CD-98BA-221B55FA38BA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_8128401-8128440-16",
"source": "hp-security-alert@hp.com"
"source": "hp-security-alert@hp.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
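Review bot: The `configurations` added for CVE-2023-5739 cover more than the description names: the text mentions only HP PC Hardware Diagnostics Windows, while `cpeMatch` also lists `cpe:2.3:a:hp:image_assistant` (before 5.1.8) and an AND node for `thunderbolt_dock_g2_firmware` with version `-`. Anyone triaging from the description alone would miss those two products, and the firmware entry carries no version bound, so an inventory match on it cannot tell fixed from unfixed firmware. The HP advisory linked in `references` is the place to confirm the fixed firmware release before treating every dock as affected. The weakness is recorded as `NVD-CWE-noinfo`, so the record gives no root cause to key detections on.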


@ -2,8 +2,8 @@
"id": "CVE-2023-5759",
"sourceIdentifier": "security@puppet.com",
"published": "2023-11-08T16:15:11.253",
"lastModified": "2023-11-08T16:15:11.253",
"vulnStatus": "Received",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5760",
"sourceIdentifier": "security@nortonlifelock.com",
"published": "2023-11-08T17:15:07.993",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@nortonlifelock.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 0.0
}
]
},
"weaknesses": [
{
"source": "security@nortonlifelock.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html",
"source": "security@nortonlifelock.com"
}
]
}
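Review bot: The CNA-supplied CVSS data in this new record contradicts its own description: the text describes an out-of-bounds write leading to full local privilege escalation, yet `vectorString` is `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N` with `"baseScore": 0.0` and `"baseSeverity": "NONE"`. Any pipeline that filters or ranks on `baseScore` will drop this entry, so it should be triaged from the description and `CWE-367` until a `Primary` metric from nvd@nist.gov is present. The record also has no `configurations` block; the only version information is "Avast/Avg Antivirus: 23.8" in the description, so CPE-based matching will not find it yet.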


@ -2,8 +2,8 @@
"id": "CVE-2023-5862",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.697",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:19:43.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,249 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build44:*:*:*:*:android:*:*",
"matchCriteriaId": "87394290-8249-483E-A8A0-2FBCF75A1051"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build45:*:*:*:*:android:*:*",
"matchCriteriaId": "2A843F84-D761-487B-A93E-B8E76AA8E365"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build46:*:*:*:*:android:*:*",
"matchCriteriaId": "A091386E-FEA7-4B3A-810B-466F2BABC352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build47:*:*:*:*:android:*:*",
"matchCriteriaId": "3037260D-E131-4EDE-9189-B1FB0A5A5429"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build48:*:*:*:*:android:*:*",
"matchCriteriaId": "3C15666B-5CD6-49F9-BD6E-1F89C55E1E5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build49:*:*:*:*:android:*:*",
"matchCriteriaId": "94983588-9C53-46DD-B7F2-E48967B55DEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build51:*:*:*:*:android:*:*",
"matchCriteriaId": "FE23796A-FD93-475A-828E-BD42F7C27851"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build52:*:*:*:*:android:*:*",
"matchCriteriaId": "5D5B20EF-6DB4-46A2-9FB9-03A5773632B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build53:*:*:*:*:android:*:*",
"matchCriteriaId": "6B969370-88D9-4059-B91B-BF9BC1621DF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build55:*:*:*:*:android:*:*",
"matchCriteriaId": "7E9567E1-7561-4E13-91F0-DF34E30C8259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build56:*:*:*:*:android:*:*",
"matchCriteriaId": "EC5D4C76-982F-48CF-A82E-6CCDC8925115"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build57:*:*:*:*:android:*:*",
"matchCriteriaId": "611070EE-763F-459F-8B9D-89C55997D8F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build58:*:*:*:*:android:*:*",
"matchCriteriaId": "6B638451-2C56-48F8-903E-D2FCFB0645D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build59:*:*:*:*:android:*:*",
"matchCriteriaId": "97DADF5F-0278-492D-8B1E-48CA370669A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build60:*:*:*:*:android:*:*",
"matchCriteriaId": "5D1D5563-CD34-4E56-B8B5-8587E5E9F35F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build61:*:*:*:*:android:*:*",
"matchCriteriaId": "2E747A57-6A29-4185-9312-FBE54E867F44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build62:*:*:*:*:android:*:*",
"matchCriteriaId": "831150BC-FAF5-4F72-B344-10988D9CABCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build63:*:*:*:*:android:*:*",
"matchCriteriaId": "EA698C87-4CCD-4857-A85C-D09741D8D38C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build64:*:*:*:*:android:*:*",
"matchCriteriaId": "B8C7AAE5-4EAA-475E-AB89-1F29C8FB4B64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build65:*:*:*:*:android:*:*",
"matchCriteriaId": "9D51C065-4487-4802-9BD9-10ED0387DF0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build66:*:*:*:*:android:*:*",
"matchCriteriaId": "C8BEFFEB-CAE5-499B-B815-1CD205F39434"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build67:*:*:*:*:android:*:*",
"matchCriteriaId": "2CF8D831-DF7C-446E-93F8-3D5AE164A427"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build68:*:*:*:*:android:*:*",
"matchCriteriaId": "F26BFF90-A51B-4027-9143-4B61B12A1CCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build69:*:*:*:*:android:*:*",
"matchCriteriaId": "83A39BFC-4974-4213-8E4A-DBFCFB61B4DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build70:*:*:*:*:android:*:*",
"matchCriteriaId": "28379D90-2075-41EC-BB8F-55C71C79FE30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build71:*:*:*:*:android:*:*",
"matchCriteriaId": "4D89556A-C668-4AAF-B914-F9E73AEA7C54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build72:*:*:*:*:android:*:*",
"matchCriteriaId": "60FB0F45-8232-4B63-9A89-E416E1C46132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build73:*:*:*:*:android:*:*",
"matchCriteriaId": "476FAE2E-BA3D-4431-B66C-59BEF5FAE401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build74:*:*:*:*:android:*:*",
"matchCriteriaId": "2F2DD2A7-FA45-48F5-816E-BEEF1ED98180"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build75:*:*:*:*:android:*:*",
"matchCriteriaId": "9F91A3B6-44E8-4D4E-B39B-1A24955D52B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build76:*:*:*:*:android:*:*",
"matchCriteriaId": "327CF0CC-7D07-4FE8-844F-DC4A67339FCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build77:*:*:*:*:android:*:*",
"matchCriteriaId": "954BF3FA-22BF-4789-A8D3-D4CE046A0309"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build78:*:*:*:*:android:*:*",
"matchCriteriaId": "09C5A9B4-860C-482B-95A8-D9E2384E090E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build79:*:*:*:*:android:*:*",
"matchCriteriaId": "CFBAB653-08B9-44A1-B918-EE1E2518C09C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build80:*:*:*:*:android:*:*",
"matchCriteriaId": "AA445E51-8A00-4298-BE11-A6C1EF5A3B69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build83:*:*:*:*:android:*:*",
"matchCriteriaId": "499604F5-2385-4444-B47A-C88BEF3DE04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build85:*:*:*:*:android:*:*",
"matchCriteriaId": "E465B1F6-B513-49C6-ADB2-C7969EBB8B30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build86:*:*:*:*:android:*:*",
"matchCriteriaId": "6C6937BF-2A9A-43CC-B281-72C5C5D61B1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build87:*:*:*:*:android:*:*",
"matchCriteriaId": "E5DB21B5-7B52-433E-B18B-E24B56DFF2F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build88:*:*:*:*:android:*:*",
"matchCriteriaId": "EC172BAC-6564-4E9F-80E1-CC8B91052944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build89:*:*:*:*:android:*:*",
"matchCriteriaId": "FE10EAA2-6C78-461A-8080-C7C4795195CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build92:*:*:*:*:android:*:*",
"matchCriteriaId": "0C973B0B-F663-4144-921C-D31A637A36D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:build94:*:*:*:*:android:*:*",
"matchCriteriaId": "08F4C6BC-CE87-4751-8967-BE14467B69DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}
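Review bot: The `cpeMatch` list added here enumerates individual builds (`build44` through `build94`) instead of a version range, and the sequence has gaps: 50, 54, 81, 82, 84, 90, 91 and 93 are absent. If those builds were ever distributed, an exact-CPE match will report them as unaffected; whether they exist cannot be told from this record. Consumers would be safer treating every build before the fix commit in `references` as affected rather than relying on the enumerated entries alone.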


@ -2,8 +2,8 @@
"id": "CVE-2023-5866",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.947",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T18:09:49.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.1",
"matchCriteriaId": "A0F6B11D-C89E-4C4F-A2CA-9CB3F83C8AD3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

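--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5913.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-5913",
+"sourceIdentifier": "security@opentext.com",
+"published": "2023-11-08T17:15:08.193",
+"lastModified": "2023-11-08T17:25:02.317",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The\u00a0vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@opentext.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 8.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@opentext.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-266"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://portal.microfocus.com/s/article/KM000023500?language=en_US",
+"source": "security@opentext.com"
+}
+]
+}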


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-08T17:00:20.120546+00:00
2023-11-08T19:00:19.410809+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-08T16:54:12.307000+00:00
2023-11-08T18:49:56.440000+00:00
```
### Last Data Feed Release
@ -29,45 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230142
230148
```
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `6`
* [CVE-2023-32298](CVE-2023/CVE-2023-322xx/CVE-2023-32298.json) (`2023-11-08T16:15:08.727`)
* [CVE-2023-35767](CVE-2023/CVE-2023-357xx/CVE-2023-35767.json) (`2023-11-08T16:15:08.813`)
* [CVE-2023-45140](CVE-2023/CVE-2023-451xx/CVE-2023-45140.json) (`2023-11-08T16:15:09.800`)
* [CVE-2023-45319](CVE-2023/CVE-2023-453xx/CVE-2023-45319.json) (`2023-11-08T16:15:10.000`)
* [CVE-2023-45849](CVE-2023/CVE-2023-458xx/CVE-2023-45849.json) (`2023-11-08T16:15:10.193`)
* [CVE-2023-46613](CVE-2023/CVE-2023-466xx/CVE-2023-46613.json) (`2023-11-08T16:15:10.367`)
* [CVE-2023-46621](CVE-2023/CVE-2023-466xx/CVE-2023-46621.json) (`2023-11-08T16:15:10.470`)
* [CVE-2023-46626](CVE-2023/CVE-2023-466xx/CVE-2023-46626.json) (`2023-11-08T16:15:10.610`)
* [CVE-2023-46627](CVE-2023/CVE-2023-466xx/CVE-2023-46627.json) (`2023-11-08T16:15:10.690`)
* [CVE-2023-46640](CVE-2023/CVE-2023-466xx/CVE-2023-46640.json) (`2023-11-08T16:15:10.763`)
* [CVE-2023-47107](CVE-2023/CVE-2023-471xx/CVE-2023-47107.json) (`2023-11-08T16:15:10.833`)
* [CVE-2023-47397](CVE-2023/CVE-2023-473xx/CVE-2023-47397.json) (`2023-11-08T16:15:11.017`)
* [CVE-2023-5136](CVE-2023/CVE-2023-51xx/CVE-2023-5136.json) (`2023-11-08T16:15:11.067`)
* [CVE-2023-5759](CVE-2023/CVE-2023-57xx/CVE-2023-5759.json) (`2023-11-08T16:15:11.253`)
* [CVE-2023-46642](CVE-2023/CVE-2023-466xx/CVE-2023-46642.json) (`2023-11-08T17:15:07.780`)
* [CVE-2023-46643](CVE-2023/CVE-2023-466xx/CVE-2023-46643.json) (`2023-11-08T17:15:07.860`)
* [CVE-2023-47379](CVE-2023/CVE-2023-473xx/CVE-2023-47379.json) (`2023-11-08T17:15:07.937`)
* [CVE-2023-5760](CVE-2023/CVE-2023-57xx/CVE-2023-5760.json) (`2023-11-08T17:15:07.993`)
* [CVE-2023-5913](CVE-2023/CVE-2023-59xx/CVE-2023-5913.json) (`2023-11-08T17:15:08.193`)
* [CVE-2023-3282](CVE-2023/CVE-2023-32xx/CVE-2023-3282.json) (`2023-11-08T18:15:07.827`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `76`
* [CVE-2015-2968](CVE-2015/CVE-2015-29xx/CVE-2015-2968.json) (`2023-11-08T16:44:36.267`)
* [CVE-2021-33635](CVE-2021/CVE-2021-336xx/CVE-2021-33635.json) (`2023-11-08T15:04:19.710`)
* [CVE-2023-0001](CVE-2023/CVE-2023-00xx/CVE-2023-0001.json) (`2023-11-08T15:15:08.020`)
* [CVE-2023-39913](CVE-2023/CVE-2023-399xx/CVE-2023-39913.json) (`2023-11-08T15:15:08.150`)
* [CVE-2023-27706](CVE-2023/CVE-2023-277xx/CVE-2023-27706.json) (`2023-11-08T16:05:51.163`)
* [CVE-2023-23767](CVE-2023/CVE-2023-237xx/CVE-2023-23767.json) (`2023-11-08T16:15:08.437`)
* [CVE-2023-43718](CVE-2023/CVE-2023-437xx/CVE-2023-43718.json) (`2023-11-08T16:15:09.007`)
* [CVE-2023-43724](CVE-2023/CVE-2023-437xx/CVE-2023-43724.json) (`2023-11-08T16:15:09.220`)
* [CVE-2023-43726](CVE-2023/CVE-2023-437xx/CVE-2023-43726.json) (`2023-11-08T16:15:09.407`)
* [CVE-2023-44480](CVE-2023/CVE-2023-444xx/CVE-2023-44480.json) (`2023-11-08T16:15:09.607`)
* [CVE-2023-36263](CVE-2023/CVE-2023-362xx/CVE-2023-36263.json) (`2023-11-08T16:48:00.990`)
* [CVE-2023-45899](CVE-2023/CVE-2023-458xx/CVE-2023-45899.json) (`2023-11-08T16:54:12.307`)
* [CVE-2023-5211](CVE-2023/CVE-2023-52xx/CVE-2023-5211.json) (`2023-11-08T18:34:40.567`)
* [CVE-2023-5229](CVE-2023/CVE-2023-52xx/CVE-2023-5229.json) (`2023-11-08T18:35:10.590`)
* [CVE-2023-5237](CVE-2023/CVE-2023-52xx/CVE-2023-5237.json) (`2023-11-08T18:36:19.067`)
* [CVE-2023-5238](CVE-2023/CVE-2023-52xx/CVE-2023-5238.json) (`2023-11-08T18:37:35.557`)
* [CVE-2023-5243](CVE-2023/CVE-2023-52xx/CVE-2023-5243.json) (`2023-11-08T18:40:41.847`)
* [CVE-2023-46138](CVE-2023/CVE-2023-461xx/CVE-2023-46138.json) (`2023-11-08T18:41:09.540`)
* [CVE-2023-5307](CVE-2023/CVE-2023-53xx/CVE-2023-5307.json) (`2023-11-08T18:41:12.960`)
* [CVE-2023-46485](CVE-2023/CVE-2023-464xx/CVE-2023-46485.json) (`2023-11-08T18:41:18.580`)
* [CVE-2023-5360](CVE-2023/CVE-2023-53xx/CVE-2023-5360.json) (`2023-11-08T18:41:39.053`)
* [CVE-2023-46484](CVE-2023/CVE-2023-464xx/CVE-2023-46484.json) (`2023-11-08T18:41:43.503`)
* [CVE-2023-3676](CVE-2023/CVE-2023-36xx/CVE-2023-3676.json) (`2023-11-08T18:42:03.267`)
* [CVE-2023-5458](CVE-2023/CVE-2023-54xx/CVE-2023-5458.json) (`2023-11-08T18:42:44.630`)
* [CVE-2023-5519](CVE-2023/CVE-2023-55xx/CVE-2023-5519.json) (`2023-11-08T18:43:21.643`)
* [CVE-2023-24410](CVE-2023/CVE-2023-244xx/CVE-2023-24410.json) (`2023-11-08T18:44:01.737`)
* [CVE-2023-43139](CVE-2023/CVE-2023-431xx/CVE-2023-43139.json) (`2023-11-08T18:45:06.463`)
* [CVE-2023-42640](CVE-2023/CVE-2023-426xx/CVE-2023-42640.json) (`2023-11-08T18:45:28.357`)
* [CVE-2023-42634](CVE-2023/CVE-2023-426xx/CVE-2023-42634.json) (`2023-11-08T18:46:03.447`)
* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-11-08T18:46:22.220`)
* [CVE-2023-31212](CVE-2023/CVE-2023-312xx/CVE-2023-31212.json) (`2023-11-08T18:47:36.203`)
* [CVE-2023-33927](CVE-2023/CVE-2023-339xx/CVE-2023-33927.json) (`2023-11-08T18:47:41.490`)
* [CVE-2023-35879](CVE-2023/CVE-2023-358xx/CVE-2023-35879.json) (`2023-11-08T18:47:46.667`)
* [CVE-2023-36508](CVE-2023/CVE-2023-365xx/CVE-2023-36508.json) (`2023-11-08T18:47:51.157`)
* [CVE-2023-37243](CVE-2023/CVE-2023-372xx/CVE-2023-37243.json) (`2023-11-08T18:48:53.687`)
* [CVE-2023-37966](CVE-2023/CVE-2023-379xx/CVE-2023-37966.json) (`2023-11-08T18:49:49.813`)
* [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-11-08T18:49:56.440`)
## Download and Usage