admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-19T19:00:24.767656+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-19 19:00:28 +00:00
parent 66343e28c7
commit f5d8924066
34 changed files with 1919 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
CVE-2022/CVE-2022-453xx/CVE-2022-45365.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-45365",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T15:15:07.357",
"lastModified": "2023-12-14T15:20:34.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:37:40.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uro\u0161evi? Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Aleksandar Uro\u0161evi? Stock Ticker permite XSS reflejado. Este problema afecta a Stock Ticker: desde n/a hasta 3.23.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:urosevic:stock_ticker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.23.2",
"matchCriteriaId": "202928C4-F587-4059-BBCB-37150DE3ADCC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stock-ticker/wordpress-stock-ticker-plugin-3-23-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-19xx/CVE-2023-1904.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-1904",
"sourceIdentifier": "security@octopus.com",
"published": "2023-12-14T08:15:36.550",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:57:53.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.\n\n"
},
{
"lang": "es",
"value": "En las versiones afectadas de Octopus Server, es posible que el secreto del cliente OpenID se registre en texto plano durante la configuraci\u00f3n de Octopus Server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@octopus.com",
"type": "Secondary",
@ -34,10 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.2121",
"versionEndExcluding": "2023.1.11942",
"matchCriteriaId": "E426B3F4-E5BE-4167-AAF0-1D66CB5F07A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.2.2028",
"versionEndExcluding": "2023.2.13151",
"matchCriteriaId": "195CB35A-22A1-43CD-B49C-26A305EA4193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.3.317",
"versionEndExcluding": "2023.3.5049",
"matchCriteriaId": "7BAB3AC7-59E2-4590-97DA-D84C4705C69F"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.octopus.com/post/2023/sa2023-12/",
"source": "security@octopus.com"
"source": "security@octopus.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-256xx/CVE-2023-25651.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25651",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-12-14T07:15:08.270",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:46:27.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a SQL injection vulnerability in some ZTE mobile internet\u00a0products.\u00a0Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en algunos productos de Internet m\u00f3vil de ZTE. Debido a una validaci\u00f3n de entrada insuficiente del par\u00e1metro de la interfaz SMS, un atacante autenticado podr\u00eda utilizar la vulnerabilidad para ejecutar una inyecci\u00f3n SQL y provocar una fuga de informaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:mf833u1_firmware:bd_mf833u1v1.0.0b01:*:*:*:*:*:*:*",
"matchCriteriaId": "3B96CCC0-355A-45D9-A0F1-73BFB6D841F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:mf833u1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF9A3AC-95D3-4EF9-9681-737587284105"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:mf286r_firmware:cr_lvwrgbmf286rv1.0.0b04:*:*:*:*:*:*:*",
"matchCriteriaId": "501A46C7-1325-44B1-81FC-8769181A5075"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF5C7D2-70E8-4E1C-B712-7F9A026EAEC8"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-406xx/CVE-2023-40629.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-40629",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.550",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:18:40.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQLi vulnerability in LMS Lite component for Joomla."
},
{
"lang": "es",
"value": "Vulnerabilidad SQLi en el componente LMS Lite para Joomla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@joomla.org",
"type": "Secondary",
@ -23,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:king-products:lms_king_lite:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "3.3.01",
"matchCriteriaId": "34E659D4-0B51-4056-B498-1302E5636395"
}
]
}
]
}
],
"references": [
{
"url": "https://extensions.joomla.org/extension/lms-lite/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-406xx/CVE-2023-40655.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-40655",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.707",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:09:11.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el componente Proforms Basic para Joomla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@joomla.org",
"type": "Secondary",
@ -23,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mooj:proforms:*:*:*:*:basic:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "27BE745C-00DE-4B4F-97B1-9A9CE2F87464"
}
]
}
]
}
],
"references": [
{
"url": "https://extensions.joomla.org/extension/proforms-basic/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-44xx/CVE-2023-4486.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4486",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-12-07T20:15:38.530",
"lastModified": "2023-12-13T18:47:41.807",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-19T17:15:07.377",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.\n\n"
"value": "Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to \n\nversions 11.0.6 and 12.0.4\n\n and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.\n\n"
},
{
"lang": "es",

58
CVE-2023/CVE-2023-462xx/CVE-2023-46279.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46279",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-15T09:15:07.490",
"lastModified": "2023-12-15T13:42:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:40:49.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache Dubbo. Este problema solo afecta a Apache Dubbo 3.1.5. Se recomienda a los usuarios que actualicen a la \u00faltima versi\u00f3n, lo que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,14 +50,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:dubbo:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C67689E-E6EB-41BB-A21B-FC2492EC8139"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/15/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-467xx/CVE-2023-46713.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46713",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-12-13T07:15:24.547",
"lastModified": "2023-12-13T13:35:21.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:59:02.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.8",
"matchCriteriaId": "B780406C-A6CC-40A8-BB80-2BFBC0E39F7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndIncluding": "6.3.23",
"matchCriteriaId": "29BAA789-62A7-4040-B6F7-8E70FFBA0399"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "BE91BE98-9518-48C1-8063-5F6A8AE50A73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.5",
"matchCriteriaId": "7700D448-6A28-4033-9383-B42FA04DCBFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E0DF8E-3272-4302-A1A0-F7981E383E47"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-256",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-472xx/CVE-2023-47261.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-47261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T17:15:07.933",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:06:10.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled."
},
{
"lang": "es",
"value": "Dokmee ECM 7.4.6 permite la ejecuci\u00f3n remota de c\u00f3digo porque la respuesta a una solicitud GettingStarted/SaveSQLConnectionAsync /#/gettingstarted contiene una cadena de conexi\u00f3n para acceso privilegiado a la base de datos de SQL Server y se puede habilitar xp_cmdshell."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dokmee:enterprise_content_management:7.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "02590BDE-F835-425A-BFC8-304C8DCB5C0A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://h3x0s3.github.io/CVE2023~47261/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dokmee.com/Support-Learn/Updates-Change-Log",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-480xx/CVE-2023-48084.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T07:15:08.890",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:41:44.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Nagios XI anterior a la versi\u00f3n 5.11.3 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de la herramienta de modificaci\u00f3n masiva."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.3",
"matchCriteriaId": "18C694C2-7818-4232-81BF-8F8CEA3B3547"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.nagios.com/products/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-480xx/CVE-2023-48085.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-48085",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T07:15:09.033",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:41:59.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Nagios XI anterior a la versi\u00f3n 5.11.3 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del componente command_test.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.3",
"matchCriteriaId": "18C694C2-7818-4232-81BF-8F8CEA3B3547"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.nagios.com/products/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-486xx/CVE-2023-48671.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48671",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T17:15:07.987",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:01:42.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.\n\n"
},
{
"lang": "es",
"value": "Dell vApp Manager, las versiones anteriores a la 9.2.4.x contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un atacante remoto podr\u00eda explotar esta vulnerabilidad y obtener informaci\u00f3n confidencial que podr\u00eda ayudar en futuros ataques."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.5",
"matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.7",
"matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*",
"matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-487xx/CVE-2023-48765.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T14:15:14.853",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:04:34.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Kr\u00fcss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Till Kr\u00fcss Email Address Encoder permite almacenar XSS. Este problema afecta al Email Address Encoder: desde n/a hasta 1.0.22."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tillkruss:email_address_encoder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.23",
"matchCriteriaId": "8D7A67A0-96E1-4F2C-916F-8587278ACB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/email-address-encoder/wordpress-email-address-encoder-plugin-1-0-22-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-487xx/CVE-2023-48780.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-48780",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:08.953",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:54:07.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en EnigmaWeb WP Catalog permite almacenar XSS. Este problema afecta a WP Catalogue: desde n/a hasta 1.7.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maevelander:wp_catalogue:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.6",
"matchCriteriaId": "822CDAA6-79B5-48D7-951B-164C09454DAF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-catalogue/wordpress-wp-catalogue-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49149.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49149",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.143",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:21:57.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CurrencyRate.Today Currency Converter Calculator permite almacenar XSS. Este problema afecta a Currency Converter Calculator: desde n/a hasta 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:currencyratetoday:currency_converter_calculator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "A4741614-808C-4682-8C14-8FF437DF826E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/currency-converter-calculator/wordpress-currency-converter-calculator-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49150.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49150",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.337",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:26:48.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en CurrencyRate.Today Crypto Converter Widget permite almacenar XSS. Este problema afecta a Crypto Converter Widget: desde n/a hasta 1.8.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:currencyratetoday:crypto_converter_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.1",
"matchCriteriaId": "FAA53CEF-6C6E-4245-BA50-A46884A2B69D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/crypto-converter-widget/wordpress-crypto-converter-widget-plugin-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-491xx/CVE-2023-49160.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49160",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-15T14:15:15.047",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:44:14.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en formzu Inc. Formzu WP permite almacenar XSS. Este problema afecta a Formzu WP: desde n/a hasta 1.6.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formzu:formzu_wp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.7",
"matchCriteriaId": "B4270839-CEC0-4104-9F17-DD045FC279D5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-497xx/CVE-2023-49707.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-49707",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:42.240",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:10:39.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQLi vulnerability in S5 Register module for Joomla."
},
{
"lang": "es",
"value": "Vulnerabilidad SQLi en el m\u00f3dulo S5 Register para Joomla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@joomla.org",
"type": "Secondary",
@ -23,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomlart:s5_register:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "3.0.0",
"matchCriteriaId": "628FBEE0-566F-4573-A7A6-B8728DB47FA4"
}
]
}
]
}
],
"references": [
{
"url": "https://extensions.joomla.org/extension/s5-register/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-497xx/CVE-2023-49708.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-49708",
"sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:42.310",
"lastModified": "2023-12-14T13:51:59.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:12:34.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQLi vulnerability in Starshop component for Joomla."
},
{
"lang": "es",
"value": "Vulnerabilidad SQLi en el componente Starshop para Joomla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@joomla.org",
"type": "Secondary",
@ -23,10 +60,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomstar:starshop:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.0.9",
"matchCriteriaId": "1E98EBDA-B39E-44BC-B97F-3008BBC74A00"
}
]
}
]
}
],
"references": [
{
"url": "https://extensions.joomla.org/extension/starshop/",
"source": "security@joomla.org"
"source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-497xx/CVE-2023-49739.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49739",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T15:15:08.580",
"lastModified": "2023-12-14T15:20:34.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:06:46.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]"
},
{
"lang": "es",
"value": "[TIPO DE PROBLEMA] en [COMPONENTE] en [PROVEEDOR] [PRODUCTO] [VERSI\u00d3N] en [PLATAFORMAS] permite que [ATACANTE] [IMPACTE] a trav\u00e9s de [VECTOR]"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ideabox:powerpack_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.9.24",
"matchCriteriaId": "98DE9EA1-536B-4835-9D79-43FA6E77FF7D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/powerpack-elements/wordpress-powerpack-pro-for-elementor-plugin-2-9-23-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-498xx/CVE-2023-49842.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49842",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.533",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:31:01.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-Site Scripting') en wpexpertsio Rocket Maintenance Mode & Coming Soon Page permite almacenar XSS. Este problema afecta a Rocket Maintenance Mode & Coming Soon Page: desde n/a hasta 4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:rocket_maintenance_mode_\\&_coming_soon_page:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3",
"matchCriteriaId": "A79FDF1C-7BFA-4697-A5D4-57335AEBBC0C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rocket-maintenance-mode/wordpress-rocket-maintenance-mode-coming-soon-page-plugin-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-498xx/CVE-2023-49860.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49860",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T17:15:09.727",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:42:39.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en weDevs WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts permite almacenar XSS. Este problema afecta a WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts: desde n/a hasta 2.6.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.7",
"matchCriteriaId": "16BCC90D-D46B-4AF7-888D-28EFE9026019"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-502xx/CVE-2023-50247.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50247",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T20:15:08.580",
"lastModified": "2023-12-12T20:20:16.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:56:13.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support."
},
{
"lang": "es",
"value": "h2o es un servidor HTTP compatible con HTTP/1.x, HTTP/2 y HTTP/3. La pila QUIC (r\u00e1pidamente), tal como la utiliza H2O hasta el commit 43f86e5 (en la versi\u00f3n 2.3.0-beta y anteriores), es susceptible a un ataque de agotamiento de estado. Cuando H2O sirve HTTP/3, un atacante remoto puede aprovechar esta vulnerabilidad para aumentar progresivamente la memoria retenida por la pila QUIC. Esto eventualmente puede causar que H2O cancele debido al agotamiento de la memoria. La vulnerabilidad se resolvi\u00f3 en el commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 y HTTP/2 no se ven afectados por esta vulnerabilidad ya que no utilizan QUIC. Los administradores que quieran mitigar este problema sin realizar una actualizaci\u00f3n pueden desactivar la compatibilidad con HTTP/3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.6",
"matchCriteriaId": "3C540EDB-1F68-47E9-A457-B6BC1EB805D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "128D1D5E-4E71-4ABB-B580-F17E2B74B5F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E69DE676-300A-4A95-A04D-7463CA372799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/d67e81d03be12a9d53dc8271af6530f40164cd35",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2ch5-p59c-7mv6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-508xx/CVE-2023-50870.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50870",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2023-12-15T14:15:15.453",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:48:01.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible"
},
{
"lang": "es",
"value": "En JetBrains TeamCity antes de 2023.11.1 era posible un CSRF al iniciar sesi\u00f3n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.11.1",
"matchCriteriaId": "AE73A316-FFD2-4E59-979C-666A1F45A41B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com"
"source": "cve@jetbrains.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-508xx/CVE-2023-50871.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50871",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2023-12-15T14:15:15.713",
"lastModified": "2023-12-15T15:26:42.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:50:30.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed"
},
{
"lang": "es",
"value": "En JetBrains YouTrack anterior a 2023.3.22268, se omit\u00eda la verificaci\u00f3n de autorizaci\u00f3n para comentarios en l\u00ednea dentro de las respuestas de los hilos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.22268",
"matchCriteriaId": "419EE60D-E372-40A7-9FEF-CAEAB9133461"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com"
"source": "cve@jetbrains.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-509xx/CVE-2023-50918.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-50918",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-15T18:15:07.723",
"lastModified": "2023-12-15T20:09:58.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:18:38.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs."
},
{
"lang": "es",
"value": "app/Controller/AuditLogsController.php en MISP anterior a 2.4.182 maneja mal las ACL para los registros de auditor\u00eda."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.182",
"matchCriteriaId": "AAC65444-AE99-4A5A-8BD0-C305F956C0ED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.181...v2.4.182",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

66
CVE-2023/CVE-2023-63xx/CVE-2023-6366.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6366",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:53.383",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:30:45.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center. \u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n"
},
{
"lang": "es",
"value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas. Es posible que un atacante cree un payload XSS y almacene ese valor en el Centro de Alertas. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0",
"matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/network-monitoring",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-63xx/CVE-2023-6367.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6367",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:53.593",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:44:03.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles. \u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n"
},
{
"lang": "es",
"value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de Roles. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0",
"matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/network-monitoring",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-63xx/CVE-2023-6368.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6368",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:54.103",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:48:19.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.\n\n"
},
{
"lang": "es",
"value": "En las versiones de WhatsUp Gold lanzadas antes de 2023.1, se descubri\u00f3 que a un endpoint de API le faltaba un mecanismo de autenticaci\u00f3n. Es posible que un atacante no autenticado enumere informaci\u00f3n relacionada con un dispositivo registrado que est\u00e1 siendo monitorizado por WhatsUp Gold."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0",
"matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/network-monitoring",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

70
CVE-2023/CVE-2023-65xx/CVE-2023-6545.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-6545",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-14T14:15:45.753",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:35:44.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia."
},
{
"lang": "es",
"value": "El paquete authelia-bhf incluido en Beckhoffs TwinCAT/BSD es propenso a una redirecci\u00f3n abierta que permite a un atacante remoto sin privilegios redirigir a un usuario a otro sitio. Esto puede tener un impacto limitado en la integridad y afecta \u00fanicamente a anthelia-bhf, la bifurcaci\u00f3n Beckhoff de authelia."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
@ -46,14 +70,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beckhoff:authelia-bhf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.37.5",
"matchCriteriaId": "F31D238A-F122-4951-8323-0C2228D39C42"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B120DD-137B-4906-ACF7-73F42C05D90E"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-067/",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2023-001.pdf",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-65xx/CVE-2023-6572.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-6572",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-14T14:15:46.013",
"lastModified": "2023-12-14T14:49:08.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T18:29:36.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en el repositorio de GitHub gradio-app/gradio antes de main."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,8 +62,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +82,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*",
"versionEndExcluding": "2023-11-06",
"matchCriteriaId": "91287D19-9BDC-45B2-92ED-1C79047A3D81"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-65xx/CVE-2023-6595.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6595",
"sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:54.453",
"lastModified": "2023-12-14T17:17:50.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T17:51:54.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.\n\n"
},
{
"lang": "es",
"value": "En las versiones de WhatsUp Gold lanzadas antes de 2023.1, se descubri\u00f3 que a un endpoint de API le faltaba un mecanismo de autenticaci\u00f3n. Es posible que un atacante no autenticado enumere informaci\u00f3n de credenciales auxiliares almacenada en WhatsUp Gold."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0",
"matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/network-monitoring",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-68xx/CVE-2023-6869.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6869",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:08.040",
"lastModified": "2023-12-19T14:49:49.807",
"lastModified": "2023-12-19T17:15:07.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A `` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121."
"value": "A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121."
}
],
"metrics": {},

83
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-19T17:00:24.690445+00:00
2023-12-19T19:00:24.767656+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-19T16:53:42.183000+00:00
2023-12-19T18:59:02.837000+00:00
```
### Last Data Feed Release
@ -34,64 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `32`
Recently added CVEs: `0`
* [CVE-2023-46225](CVE-2023/CVE-2023-462xx/CVE-2023-46225.json) (`2023-12-19T16:15:10.260`)
* [CVE-2023-46257](CVE-2023/CVE-2023-462xx/CVE-2023-46257.json) (`2023-12-19T16:15:10.413`)
* [CVE-2023-46258](CVE-2023/CVE-2023-462xx/CVE-2023-46258.json) (`2023-12-19T16:15:10.570`)
* [CVE-2023-46259](CVE-2023/CVE-2023-462xx/CVE-2023-46259.json) (`2023-12-19T16:15:10.720`)
* [CVE-2023-46260](CVE-2023/CVE-2023-462xx/CVE-2023-46260.json) (`2023-12-19T16:15:10.887`)
* [CVE-2023-46261](CVE-2023/CVE-2023-462xx/CVE-2023-46261.json) (`2023-12-19T16:15:11.043`)
* [CVE-2023-46262](CVE-2023/CVE-2023-462xx/CVE-2023-46262.json) (`2023-12-19T16:15:11.190`)
* [CVE-2023-46263](CVE-2023/CVE-2023-462xx/CVE-2023-46263.json) (`2023-12-19T16:15:11.343`)
* [CVE-2023-46264](CVE-2023/CVE-2023-462xx/CVE-2023-46264.json) (`2023-12-19T16:15:11.493`)
* [CVE-2023-46265](CVE-2023/CVE-2023-462xx/CVE-2023-46265.json) (`2023-12-19T16:15:11.640`)
* [CVE-2023-46266](CVE-2023/CVE-2023-462xx/CVE-2023-46266.json) (`2023-12-19T16:15:11.787`)
* [CVE-2023-46803](CVE-2023/CVE-2023-468xx/CVE-2023-46803.json) (`2023-12-19T16:15:11.930`)
* [CVE-2023-46804](CVE-2023/CVE-2023-468xx/CVE-2023-46804.json) (`2023-12-19T16:15:12.077`)
* [CVE-2023-50272](CVE-2023/CVE-2023-502xx/CVE-2023-50272.json) (`2023-12-19T16:15:12.347`)
* [CVE-2023-1514](CVE-2023/CVE-2023-15xx/CVE-2023-1514.json) (`2023-12-19T15:15:08.037`)
* [CVE-2023-43870](CVE-2023/CVE-2023-438xx/CVE-2023-43870.json) (`2023-12-19T15:15:08.357`)
* [CVE-2023-6280](CVE-2023/CVE-2023-62xx/CVE-2023-6280.json) (`2023-12-19T15:15:09.033`)
* [CVE-2023-6711](CVE-2023/CVE-2023-67xx/CVE-2023-6711.json) (`2023-12-19T15:15:09.257`)
* [CVE-2023-6913](CVE-2023/CVE-2023-69xx/CVE-2023-6913.json) (`2023-12-19T15:15:09.447`)
* [CVE-2023-25715](CVE-2023/CVE-2023-257xx/CVE-2023-25715.json) (`2023-12-19T16:15:07.980`)
* [CVE-2023-37390](CVE-2023/CVE-2023-373xx/CVE-2023-37390.json) (`2023-12-19T16:15:08.193`)
* [CVE-2023-41727](CVE-2023/CVE-2023-417xx/CVE-2023-41727.json) (`2023-12-19T16:15:08.623`)
* [CVE-2023-44983](CVE-2023/CVE-2023-449xx/CVE-2023-44983.json) (`2023-12-19T16:15:08.787`)
* [CVE-2023-44991](CVE-2023/CVE-2023-449xx/CVE-2023-44991.json) (`2023-12-19T16:15:08.973`)
* [CVE-2023-46216](CVE-2023/CVE-2023-462xx/CVE-2023-46216.json) (`2023-12-19T16:15:09.170`)
### CVEs modified in the last Commit
Recently modified CVEs: `37`
Recently modified CVEs: `33`
* [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-19T15:25:57.190`)
* [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-19T15:27:29.937`)
* [CVE-2023-47620](CVE-2023/CVE-2023-476xx/CVE-2023-47620.json) (`2023-12-19T15:27:49.173`)
* [CVE-2023-47623](CVE-2023/CVE-2023-476xx/CVE-2023-47623.json) (`2023-12-19T15:27:59.743`)
* [CVE-2023-50709](CVE-2023/CVE-2023-507xx/CVE-2023-50709.json) (`2023-12-19T15:28:16.453`)
* [CVE-2023-50262](CVE-2023/CVE-2023-502xx/CVE-2023-50262.json) (`2023-12-19T15:28:42.343`)
* [CVE-2023-49878](CVE-2023/CVE-2023-498xx/CVE-2023-49878.json) (`2023-12-19T15:31:33.753`)
* [CVE-2023-47624](CVE-2023/CVE-2023-476xx/CVE-2023-47624.json) (`2023-12-19T15:33:35.507`)
* [CVE-2023-49296](CVE-2023/CVE-2023-492xx/CVE-2023-49296.json) (`2023-12-19T15:43:13.307`)
* [CVE-2023-43583](CVE-2023/CVE-2023-435xx/CVE-2023-43583.json) (`2023-12-19T15:49:19.407`)
* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2023-12-19T16:08:07.640`)
* [CVE-2023-40657](CVE-2023/CVE-2023-406xx/CVE-2023-40657.json) (`2023-12-19T16:10:07.447`)
* [CVE-2023-41618](CVE-2023/CVE-2023-416xx/CVE-2023-41618.json) (`2023-12-19T16:11:02.990`)
* [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-12-19T16:15:07.883`)
* [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-12-19T16:15:08.413`)
* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-12-19T16:15:08.527`)
* [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-12-19T16:15:12.243`)
* [CVE-2023-40658](CVE-2023/CVE-2023-406xx/CVE-2023-40658.json) (`2023-12-19T16:18:43.973`)
* [CVE-2023-40659](CVE-2023/CVE-2023-406xx/CVE-2023-40659.json) (`2023-12-19T16:19:14.030`)
* [CVE-2023-48225](CVE-2023/CVE-2023-482xx/CVE-2023-48225.json) (`2023-12-19T16:30:05.530`)
* [CVE-2023-48664](CVE-2023/CVE-2023-486xx/CVE-2023-48664.json) (`2023-12-19T16:41:04.083`)
* [CVE-2023-48665](CVE-2023/CVE-2023-486xx/CVE-2023-48665.json) (`2023-12-19T16:45:27.163`)
* [CVE-2023-6365](CVE-2023/CVE-2023-63xx/CVE-2023-6365.json) (`2023-12-19T16:52:31.667`)
* [CVE-2023-49770](CVE-2023/CVE-2023-497xx/CVE-2023-49770.json) (`2023-12-19T16:53:26.097`)
* [CVE-2023-40656](CVE-2023/CVE-2023-406xx/CVE-2023-40656.json) (`2023-12-19T16:53:42.183`)
* [CVE-2023-6366](CVE-2023/CVE-2023-63xx/CVE-2023-6366.json) (`2023-12-19T17:30:45.493`)
* [CVE-2023-46279](CVE-2023/CVE-2023-462xx/CVE-2023-46279.json) (`2023-12-19T17:40:49.427`)
* [CVE-2023-6367](CVE-2023/CVE-2023-63xx/CVE-2023-6367.json) (`2023-12-19T17:44:03.543`)
* [CVE-2023-6368](CVE-2023/CVE-2023-63xx/CVE-2023-6368.json) (`2023-12-19T17:48:19.703`)
* [CVE-2023-6595](CVE-2023/CVE-2023-65xx/CVE-2023-6595.json) (`2023-12-19T17:51:54.827`)
* [CVE-2023-48780](CVE-2023/CVE-2023-487xx/CVE-2023-48780.json) (`2023-12-19T17:54:07.470`)
* [CVE-2023-48671](CVE-2023/CVE-2023-486xx/CVE-2023-48671.json) (`2023-12-19T18:01:42.870`)
* [CVE-2023-48765](CVE-2023/CVE-2023-487xx/CVE-2023-48765.json) (`2023-12-19T18:04:34.990`)
* [CVE-2023-47261](CVE-2023/CVE-2023-472xx/CVE-2023-47261.json) (`2023-12-19T18:06:10.213`)
* [CVE-2023-49739](CVE-2023/CVE-2023-497xx/CVE-2023-49739.json) (`2023-12-19T18:06:46.643`)
* [CVE-2023-49149](CVE-2023/CVE-2023-491xx/CVE-2023-49149.json) (`2023-12-19T18:21:57.330`)
* [CVE-2023-49150](CVE-2023/CVE-2023-491xx/CVE-2023-49150.json) (`2023-12-19T18:26:48.597`)
* [CVE-2023-6572](CVE-2023/CVE-2023-65xx/CVE-2023-6572.json) (`2023-12-19T18:29:36.817`)
* [CVE-2023-49842](CVE-2023/CVE-2023-498xx/CVE-2023-49842.json) (`2023-12-19T18:31:01.960`)
* [CVE-2023-6545](CVE-2023/CVE-2023-65xx/CVE-2023-6545.json) (`2023-12-19T18:35:44.263`)
* [CVE-2023-48084](CVE-2023/CVE-2023-480xx/CVE-2023-48084.json) (`2023-12-19T18:41:44.493`)
* [CVE-2023-48085](CVE-2023/CVE-2023-480xx/CVE-2023-48085.json) (`2023-12-19T18:41:59.183`)
* [CVE-2023-49860](CVE-2023/CVE-2023-498xx/CVE-2023-49860.json) (`2023-12-19T18:42:39.760`)
* [CVE-2023-49160](CVE-2023/CVE-2023-491xx/CVE-2023-49160.json) (`2023-12-19T18:44:14.747`)
* [CVE-2023-25651](CVE-2023/CVE-2023-256xx/CVE-2023-25651.json) (`2023-12-19T18:46:27.270`)
* [CVE-2023-50870](CVE-2023/CVE-2023-508xx/CVE-2023-50870.json) (`2023-12-19T18:48:01.647`)
* [CVE-2023-50871](CVE-2023/CVE-2023-508xx/CVE-2023-50871.json) (`2023-12-19T18:50:30.227`)
* [CVE-2023-50247](CVE-2023/CVE-2023-502xx/CVE-2023-50247.json) (`2023-12-19T18:56:13.660`)
* [CVE-2023-1904](CVE-2023/CVE-2023-19xx/CVE-2023-1904.json) (`2023-12-19T18:57:53.073`)
* [CVE-2023-46713](CVE-2023/CVE-2023-467xx/CVE-2023-46713.json) (`2023-12-19T18:59:02.837`)
## Download and Usage