Auto-Update: 2023-12-07T13:00:18.258683+00:00

cad-safe-bot 2023-12-07 13:00:21 +00:00
parent fc0a756567
commit fb9018e65c
66 changed files with 834 additions and 123 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2022-45362",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T11:15:07.260",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Paytm Paytm Payment Gateway. Este problema afecta a Paytm Payment Gateway: desde n/a hasta 2.7.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-28017",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-12-07T05:15:07.970",
"lastModified": "2023-12-07T05:15:07.970",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks.\n"
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a un ataque de Cross-Site-Scripting en el que un atacante puede aprovechar este problema para ejecutar c\u00f3digo de script arbitrario en el navegador de un usuario desprevenido despu\u00e9s de visitar la URL vulnerable que conduce a la ejecuci\u00f3n de c\u00f3digo de script malicioso. Esto puede permitir al atacante robar credenciales de autenticaci\u00f3n basadas en cookies y capturar la cuenta de un usuario y luego lanzar otros ataques."
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35039",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T12:15:07.360",
"lastModified": "2023-12-07T12:15:07.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35116",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T14:15:10.960",
"lastModified": "2023-11-07T04:15:53.397",
"vulnStatus": "Modified",
"lastModified": "2023-12-07T12:13:13.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,8 +56,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.15.2",
"matchCriteriaId": "318112DB-AF0E-49D0-B05D-A0569A7EDD71"
"versionEndExcluding": "2.16.0",
"matchCriteriaId": "ADC74502-D1EA-4E63-BBFF-8DE51013DCCE"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35909",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T12:15:07.610",
"lastModified": "2023-12-07T12:15:07.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-40238",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T04:15:06.790",
"lastModified": "2023-12-07T04:15:06.790",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de LogoFAIL en BmpDecoderDxe en Insyde InsydeH2O con kernel 5.2 anterior a 05.28.47, 5.3 anterior a 05.37.47, 5.4 anterior a 05.45.47, 5.5 anterior a 05.53.47 y 5.6 anterior a 05.60.47 para ciertos dispositivos Lenovo. El an\u00e1lisis de im\u00e1genes de archivos de logotipos BMP manipulados puede copiar datos a una direcci\u00f3n espec\u00edfica durante la fase DXE de la ejecuci\u00f3n UEFI. Esto ocurre debido a un error de firma de enteros que involucra PixelHeight y PixelWidth durante la compresi\u00f3n RLE4/RLE8."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-41106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T05:15:09.110",
"lastModified": "2023-12-07T05:15:09.110",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) antes de 10.0.3. Un atacante puede obtener acceso a una cuenta de Zimbra. Esto tambi\u00e9n se solucion\u00f3 en el parche 35 9.0.0 y el parche 42 8.8.15."
}
],
"metrics": {},


@ -0,0 +1,59 @@
{
"id": "CVE-2023-41804",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T11:15:07.807",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates. Este problema afecta a Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: desde n/a hasta 3.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-41913",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T05:15:09.173",
"lastModified": "2023-12-07T05:15:09.173",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message."
},
{
"lang": "es",
"value": "strongSwan anterior a 5.9.12 tiene un desbordamiento del b\u00fafer y una posible ejecuci\u00f3n remota de c\u00f3digo no autenticado a trav\u00e9s de un valor p\u00fablico DH que excede el b\u00fafer interno en el proxy DH de charon-tkm. La primera versi\u00f3n afectada es la 5.3.0. Un ataque puede ocurrir a trav\u00e9s de un mensaje IKE_SA_INIT manipulado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.490",
"lastModified": "2023-12-07T06:15:54.490",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) antes de 10.0.4. Se puede aprovechar un problema XSS para acceder al buz\u00f3n de correo de un usuario autenticado. Esto tambi\u00e9n se solucion\u00f3 en el parche 43 8.8.15 y el parche 36 9.0.0."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.630",
"lastModified": "2023-12-07T06:15:54.630",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema XSS en un endpoint web en Zimbra Collaboration (ZCS) anterior a 10.0.4 a trav\u00e9s de un par\u00e1metro no sanitizado. Esto tambi\u00e9n se solucion\u00f3 en el parche 43 8.8.15 y el parche 36 9.0.0."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:07.623",
"lastModified": "2023-12-07T07:15:07.623",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n SCOL Members Card en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43299",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.373",
"lastModified": "2023-12-07T07:15:08.373",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n DA BUTCHERS en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.540",
"lastModified": "2023-12-07T07:15:08.540",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n urban_project en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.697",
"lastModified": "2023-12-07T07:15:08.697",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n DARTS SHOP MAXIM en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:08.880",
"lastModified": "2023-12-07T07:15:08.880",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n sanTas en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.027",
"lastModified": "2023-12-07T07:15:09.027",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n craftbeer bar canvas en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43304",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.200",
"lastModified": "2023-12-07T07:15:09.200",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n PARK DANDAN en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46218",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-07T01:15:07.160",
"lastModified": "2023-12-07T01:15:07.160",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n"
},
{
"lang": "es",
"value": "Esta falla permite que un servidor HTTP malicioso establezca \"supercookies\" en curl que luego se devuelven a m\u00e1s or\u00edgenes de los que est\u00e1n permitidos o son posibles. Esto permite que un sitio establezca cookies que luego se enviar\u00e1n a sitios y dominios diferentes y no relacionados. Podr\u00eda hacer esto explotando una falla de may\u00fasculas y min\u00fasculas en la funci\u00f3n de curl que verifica un dominio de cookie determinado con Public Suffix List (PSL). Por ejemplo, una cookie podr\u00eda configurarse con `domain=co.UK` cuando la URL utilizaba un nombre de host en min\u00fascula `curl.co.uk`, aunque `co.uk` aparezca como un dominio PSL."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46307",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.683",
"lastModified": "2023-12-07T06:15:54.683",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en server.js en etcd-browser 87ae63d75260. Al proporcionar una entrada /../../../ Directory Traversal a la solicitud GET de la URL mientras se conecta al puerto del servidor remoto especificado durante la configuraci\u00f3n, un atacante puede recuperar archivos del sistema operativo local desde el sistema remoto."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T23:15:07.243",
"lastModified": "2023-12-06T23:15:07.243",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Product Tag Icons Pro\" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"Product Tag Icons Pro\" (ticones) anterior a 1.8.4 de MyPresta.eu para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo TiconProduct::getTiconByProductAndTicon() tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T23:15:07.380",
"lastModified": "2023-12-06T23:15:07.380",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Orders (CSV, Excel) Export PRO\" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"Orders (CSV, Excel) Export PRO\" (ordersexport) &lt; 5.2.0 de MyPrestaModules para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones. Debido a la falta de control de permisos, un invitado puede acceder a las exportaciones desde el m\u00f3dulo, lo que puede provocar una filtraci\u00f3n de informaci\u00f3n personal de las tablas ps_customer/ps_address, como nombre/apellido/correo electr\u00f3nico/n\u00famero de tel\u00e9fono/direcci\u00f3n postal completa."
}
],
"metrics": {},
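Review bot: The Spanish description added in this hunk carries an HTML entity (`(ordersexport) &lt; 5.2.0`) where the English text of the same record has a literal `<`, so the two translations of one record disagree at the character level. Because this file mirrors an upstream feed, the value should stay as received rather than be rewritten here, but a consumer that displays these descriptions should treat them as plain text and not as HTML, otherwise the entity is shown verbatim in one language and the raw `<` is interpreted as markup in the other. The enclosing JSON object starts and ends outside the hunk.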


@ -0,0 +1,59 @@
{
"id": "CVE-2023-46641",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T11:15:08.007",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Code for Recovery 12 Step Meeting List. Este problema afecta a 12 Step Meeting List: desde n/a hasta 3.14.24."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/12-step-meeting-list/wordpress-12-step-meeting-list-plugin-3-14-24-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-46751",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T20:15:07.163",
"lastModified": "2023-12-06T20:15:07.163",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en la funci\u00f3n gdev_prn_open_printer_seekable() en Artifex Ghostscript hasta la versi\u00f3n 10.02.0 que permite a atacantes remotos bloquear la aplicaci\u00f3n mediante un puntero colgante."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.740",
"lastModified": "2023-12-07T06:15:54.740",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation."
},
{
"lang": "es",
"value": "Squidex anterior a 7.9.0 permite XSS a trav\u00e9s de un documento SVG en la funci\u00f3n Cargar activos. Esto ocurre porque hay una lista negra incompleta en la inspecci\u00f3n SVG, lo que permite JavaScript en el atributo SRC de un elemento IFRAME. Se requiere un ataque autenticado con permiso assets.create para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-46916",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.803",
"lastModified": "2023-12-07T06:15:54.803",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor."
},
{
"lang": "es",
"value": "Los dispositivos Maxima Max Pro Power 1.0 486A permiten la reproducci\u00f3n del tr\u00e1fico BLE. Un atacante puede utilizar el identificador de caracter\u00edstica GATT 0x0012 para realizar acciones potencialmente disruptivas, como iniciar un monitor de frecuencia card\u00edaca."
}
],
"metrics": {},


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47779",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T12:15:07.820",
"lastModified": "2023-12-07T12:15:07.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-constant-contact/wordpress-integration-for-contact-form-7-and-constant-contact-plugin-1-1-4-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-48123",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T20:15:07.240",
"lastModified": "2023-12-06T20:15:07.240",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file."
},
{
"lang": "es",
"value": "Un problema en Netgate pfSense Plus v.23.05.1 y anteriores y pfSense CE v.2.7.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al archivo packet_capture.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48172",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.853",
"lastModified": "2023-12-07T06:15:54.853",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a trav\u00e9s del nombre, descripci\u00f3n, t\u00edtulo o par\u00e1metro de direcci\u00f3n en index.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48205",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.373",
"lastModified": "2023-12-07T07:15:09.373",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails."
},
{
"lang": "es",
"value": "Jorani Leave Management System 1.0.2 permite a un atacante remoto falsificar un encabezado de Host asociado con correos electr\u00f3nicos de restablecimiento de contrase\u00f1a."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48206",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.557",
"lastModified": "2023-12-07T07:15:09.557",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a trav\u00e9s del par\u00e1metro de p\u00e1gina en login.php o header.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48207",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.743",
"lastModified": "2023-12-07T07:15:09.743",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component."
},
{
"lang": "es",
"value": "Availability Booking Calendar 5.0 permite la inyecci\u00f3n de CSV a trav\u00e9s del campo de ID \u00fanico en el componente de lista de Reservas."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48208",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:09.900",
"lastModified": "2023-12-07T07:15:09.900",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site-Scripting en Availability Booking Calendar 5.0 permite a un atacante inyectar JavaScript a trav\u00e9s del par\u00e1metro nombre, plugin_sms_api_key, plugin_sms_country_code, uuid, t\u00edtulo o nombre de pa\u00eds en index.php."
}
],
"metrics": {},

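--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48325.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48325",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-12-07T12:15:08.020",
+"lastModified": "2023-12-07T12:15:08.020",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder \u2013 Lead Page \u2013 Optin Page \u2013 Squeeze Page \u2013 WordPress Landing Pages.This issue affects Landing Page Builder \u2013 Lead Page \u2013 Optin Page \u2013 Squeeze Page \u2013 WordPress Landing Pages: from n/a through 1.5.1.5.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-601"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/page-builder-add/wordpress-landing-page-builder-plugin-1-5-1-5-open-redirection-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}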


@ -2,12 +2,16 @@
"id": "CVE-2023-48823",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.090",
"lastModified": "2023-12-07T07:15:10.090",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login."
},
{
"lang": "es",
"value": "Un problema de inyecci\u00f3n de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a trav\u00e9s del par\u00e1metro de correo electr\u00f3nico durante el inicio de sesi\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48824",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.267",
"lastModified": "2023-12-07T07:15:10.267",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action."
},
{
"lang": "es",
"value": "BoidCMS 2.0.1 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del par\u00e1metro t\u00edtulo, subt\u00edtulo, pie de p\u00e1gina o palabras clave en una acci\u00f3n p\u00e1gina=crear."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48825",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.417",
"lastModified": "2023-12-07T07:15:10.417",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code."
},
{
"lang": "es",
"value": "Availability Booking Calendar 5.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de la clave API de SMS o el c\u00f3digo de pa\u00eds predeterminado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.570",
"lastModified": "2023-12-07T07:15:10.570",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List."
},
{
"lang": "es",
"value": "Time Slots Booking Calendar 4.0 es vulnerable a la inyecci\u00f3n de CSV a trav\u00e9s del campo de ID \u00fanico de la Lista de reservas."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48827",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.753",
"lastModified": "2023-12-07T07:15:10.753",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter."
},
{
"lang": "es",
"value": "Time Slots Booking Calendar 4.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:10.947",
"lastModified": "2023-12-07T07:15:10.947",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter."
},
{
"lang": "es",
"value": "Time Slots Booking Calendar 4.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48830",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.103",
"lastModified": "2023-12-07T07:15:11.103",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export."
},
{
"lang": "es",
"value": "Shuttle Booking Software 2.0 es vulnerable a la inyecci\u00f3n CSV en la secci\u00f3n Idiomas a trav\u00e9s de una exportaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.280",
"lastModified": "2023-12-07T07:15:11.280",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAJaxSend en Availability Booking Calendar 5.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.437",
"lastModified": "2023-12-07T07:15:11.437",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAJaxSend en Time Slots Booking Calendar 4.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.580",
"lastModified": "2023-12-07T07:15:11.580",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAjaxSend en Car Rental v3.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.757",
"lastModified": "2023-12-07T07:15:11.757",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action."
},
{
"lang": "es",
"value": "Car Rental Script v3.0 es vulnerable a la inyecci\u00f3n CSV a trav\u00e9s de una acci\u00f3n Idioma &gt; Etiquetas &gt; Exportar."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:11.910",
"lastModified": "2023-12-07T07:15:11.910",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter."
},
{
"lang": "es",
"value": "Car Rental Script 3.0 es vulnerable a problemas de M\u00faltiple Coss-Site Scripting (XSS) a trav\u00e9s del par\u00e1metro nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre del pa\u00eds o nombre del cliente."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.073",
"lastModified": "2023-12-07T07:15:12.073",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code."
},
{
"lang": "es",
"value": "Car Rental Script 3.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de una clave API de SMS o un c\u00f3digo de pa\u00eds predeterminado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.240",
"lastModified": "2023-12-07T07:15:12.240",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code."
},
{
"lang": "es",
"value": "Appointment Scheduler 3.0 es vulnerable a m\u00faltiples problemas de inyecci\u00f3n de HTML a trav\u00e9s de la clave API de SMS o el c\u00f3digo de pa\u00eds predeterminado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48839",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.397",
"lastModified": "2023-12-07T07:15:12.397",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter."
},
{
"lang": "es",
"value": "Appointment Scheduler 3.0 es vulnerable a M\u00faltiple Coss-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, t\u00edtulo, nombre de pa\u00eds o par\u00e1metro customer_name."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.547",
"lastModified": "2023-12-07T07:15:12.547",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en pjActionAjaxSend en Appointment Scheduler 3.0 permite a los atacantes provocar el agotamiento de los recursos."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48841",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T07:15:12.717",
"lastModified": "2023-12-07T07:15:12.717",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action."
},
{
"lang": "es",
"value": "Appointment Scheduler 3.0 es vulnerable a la inyecci\u00f3n CSV a trav\u00e9s de una acci\u00f3n Idioma &gt; Etiquetas &gt; Exportar."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48860",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T08:15:07.213",
"lastModified": "2023-12-07T08:15:07.213",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code."
},
{
"lang": "es",
"value": "TOTOLINK N300RT versi\u00f3n 3.2.4-B20180730.0906 tiene un RCE de autenticaci\u00f3n posterior debido a un control de acceso incorrecto, lo que permite a los atacantes eludir las restricciones de seguridad del front-end y ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48861",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T08:15:07.297",
"lastModified": "2023-12-07T08:15:07.297",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuestro de DLL en TTplayer versi\u00f3n 7.0.2, permite a atacantes locales escalar privilegios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de urlmon.dll."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-49096",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-06T20:15:07.287",
"lastModified": "2023-12-06T20:15:07.287",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos/<itemId>/stream` and `/Videos/<itemId>/stream.<container>` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It\u2019s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn\u2019t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can\u2019t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Jellyfin es un sistema multimedia de software libre para gestionar y transmitir medios. En las versiones afectadas hay una inyecci\u00f3n de argumentos en VideosController, espec\u00edficamente los endpoints `/Videos//stream` y `/Videos//stream.` que est\u00e1n presentes en la versi\u00f3n actual de Jellyfin. Los endpoints adicionales en AudioController tambi\u00e9n pueden ser vulnerables, ya que difieren s\u00f3lo ligeramente en la ejecuci\u00f3n. Un usuario no autenticado puede acceder a esos endpoints. Para aprovechar esta vulnerabilidad, un atacante no autenticado debe adivinar un itemId, que es un GUID completamente aleatorio. Es un caso muy improbable incluso para una gran base de datos de medios con muchos elementos. Sin una filtraci\u00f3n de informaci\u00f3n adicional, esta vulnerabilidad no deber\u00eda ser explotable directamente, incluso si se puede acceder a la instancia desde Internet. Hay muchos par\u00e1metros de consulta que el m\u00e9todo acepta. Al menos dos de ellos, videoCodec y audioCodec, son vulnerables a la inyecci\u00f3n de argumentos. Los valores se pueden rastrear a trav\u00e9s de una gran cantidad de c\u00f3digo y pueden cambiarse en el proceso. Sin embargo, la alternativa es usarlos siempre tal como est\u00e1n, lo que significa que podemos inyectar nuestros propios argumentos. Esos argumentos llegan a la l\u00ednea de comando de FFmpeg. Debido a que UseShellExecute siempre est\u00e1 configurado en falso, no podemos simplemente terminar el comando FFmpeg y ejecutar el nuestro. S\u00f3lo deber\u00eda ser posible agregar argumentos adicionales a FFmpeg, que es lo suficientemente poderoso tal como est\u00e1. Probablemente exista una forma de sobrescribir un archivo arbitrario con contenido malicioso. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 10.8.13. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-49225",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-07T07:15:12.880",
"lastModified": "2023-12-07T07:15:12.880",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site-Scripting en los productos Ruckus Access Point (ZoneDirector, SmartZone y AP Solo). Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el producto. En cuanto a los productos/modelos/versiones afectados, consulte la informaci\u00f3n proporcionada por el proveedor que figura en la secci\u00f3n [Referencias] o la lista en la secci\u00f3n [Estado del producto]."
}
],
"metrics": {},

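--- /dev/null
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49746.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-49746",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2023-12-07T11:15:08.200",
+"lastModified": "2023-12-07T12:12:22.533",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache \u2013 Cache, Optimization, Performance.This issue affects SpeedyCache \u2013 Cache, Optimization, Performance: from n/a through 1.1.2.\n\n"
+},
+{
+"lang": "es",
+"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Softaculous Team SpeedyCache \u2013 Cach\u00e9, optimizaci\u00f3n, rendimiento. Este problema afecta a SpeedyCache \u2013 Cach\u00e9, optimizaci\u00f3n, rendimiento: desde n/a hasta 1.1.2."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/speedycache/wordpress-speedycache-plugin-1-1-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}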


@ -2,12 +2,16 @@
"id": "CVE-2023-50164",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-07T09:15:07.060",
"lastModified": "2023-12-07T09:15:07.060",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or\u00a0 Struts 6.3.0.1 or greater to\u00a0fix this issue.\n"
},
{
"lang": "es",
"value": "Un atacante puede manipular los par\u00e1metros de carga de archivos para permitir path traversal y, en algunas circunstancias, esto puede provocar la carga de un archivo malicioso que puede usarse para realizar la ejecuci\u00f3n remota de c\u00f3digo. Se recomienda a los usuarios actualizar a las versiones Struts 2.5.33 o Struts 6.3.0.1 o superior para solucionar este problema."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-5710",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:06.527",
"lastModified": "2023-12-07T02:15:06.527",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials."
},
{
"lang": "es",
"value": "El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n sd_constants() conectada mediante una acci\u00f3n AJAX en todas las versiones hasta la 2.8.7 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen informaci\u00f3n confidencial, como las credenciales de la base de datos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5711",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:06.770",
"lastModified": "2023-12-07T02:15:06.770",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info."
},
{
"lang": "es",
"value": "El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n sd_php_info() conectada mediante una acci\u00f3n AJAX en todas las versiones hasta la 2.8.7 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, recuperen informaci\u00f3n confidencial proporcionada por PHP info."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5712",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:06.933",
"lastModified": "2023-12-07T02:15:06.933",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information."
},
{
"lang": "es",
"value": "El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n sd_global_value() conectada mediante una acci\u00f3n AJAX en todas las versiones hasta la 2.8.7 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen informaci\u00f3n confidencial de valor global."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5713",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:07.110",
"lastModified": "2023-12-07T02:15:07.110",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values."
},
{
"lang": "es",
"value": "El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n sd_option_value() conectada mediante una acci\u00f3n AJAX en todas las versiones hasta la 2.8.7 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen valores de opciones potencialmente confidenciales y deserialicen el contenido de esos valores."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5714",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:07.287",
"lastModified": "2023-12-07T02:15:07.287",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs."
},
{
"lang": "es",
"value": "El complemento System Dashboard para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n sd_db_specs() conectada mediante una acci\u00f3n AJAX en todas las versiones hasta la 2.8.7 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen especificaciones de claves de datos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5761",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-07T02:15:07.450",
"lastModified": "2023-12-07T02:15:07.450",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Burst Statistics \u2013 Privacy-Friendly Analytics para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'url' en las versiones 1.4.0 a 1.4.6.1 (gratuita) y en las versiones 1.4.0 a 1.5.0 (pro) debido a escape insuficiente en el par\u00e1metro proporcionado por el usuario y falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6566",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-07T00:15:07.120",
"lastModified": "2023-12-07T00:15:07.120",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository microweber/microweber prior to 2.0."
},
{
"lang": "es",
"value": "Errores de l\u00f3gica empresarial en el repositorio de GitHub microweber/microweber anterior a 2.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6568",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-07T05:15:09.347",
"lastModified": "2023-12-07T05:15:09.347",
"vulnStatus": "Received",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0."
},
{
"lang": "es",
"value": "Cross-Site-Scripting (XSS) Reflejadas en el repositorio de GitHub mlflow/mlflow antes de 2.9.0."
}
],
"metrics": {


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-07T11:01:03.300972+00:00
2023-12-07T13:00:18.258683+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-07T10:15:07.173000+00:00
2023-12-07T12:15:08.020000+00:00
```
### Last Data Feed Release
@ -29,21 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232474
232482
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `8`
* [CVE-2023-50164](CVE-2023/CVE-2023-501xx/CVE-2023-50164.json) (`2023-12-07T09:15:07.060`)
* [CVE-2022-45362](CVE-2022/CVE-2022-453xx/CVE-2022-45362.json) (`2023-12-07T11:15:07.260`)
* [CVE-2023-41804](CVE-2023/CVE-2023-418xx/CVE-2023-41804.json) (`2023-12-07T11:15:07.807`)
* [CVE-2023-46641](CVE-2023/CVE-2023-466xx/CVE-2023-46641.json) (`2023-12-07T11:15:08.007`)
* [CVE-2023-49746](CVE-2023/CVE-2023-497xx/CVE-2023-49746.json) (`2023-12-07T11:15:08.200`)
* [CVE-2023-35039](CVE-2023/CVE-2023-350xx/CVE-2023-35039.json) (`2023-12-07T12:15:07.360`)
* [CVE-2023-35909](CVE-2023/CVE-2023-359xx/CVE-2023-35909.json) (`2023-12-07T12:15:07.610`)
* [CVE-2023-47779](CVE-2023/CVE-2023-477xx/CVE-2023-47779.json) (`2023-12-07T12:15:07.820`)
* [CVE-2023-48325](CVE-2023/CVE-2023-483xx/CVE-2023-48325.json) (`2023-12-07T12:15:08.020`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `57`
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-12-07T10:15:07.173`)
* [CVE-2023-48824](CVE-2023/CVE-2023-488xx/CVE-2023-48824.json) (`2023-12-07T12:12:27.987`)
* [CVE-2023-48825](CVE-2023/CVE-2023-488xx/CVE-2023-48825.json) (`2023-12-07T12:12:27.987`)
* [CVE-2023-48826](CVE-2023/CVE-2023-488xx/CVE-2023-48826.json) (`2023-12-07T12:12:27.987`)
* [CVE-2023-48827](CVE-2023/CVE-2023-488xx/CVE-2023-48827.json) (`2023-12-07T12:12:27.987`)
* [CVE-2023-46751](CVE-2023/CVE-2023-467xx/CVE-2023-46751.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-48123](CVE-2023/CVE-2023-481xx/CVE-2023-48123.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-49096](CVE-2023/CVE-2023-490xx/CVE-2023-49096.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-46353](CVE-2023/CVE-2023-463xx/CVE-2023-46353.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-46354](CVE-2023/CVE-2023-463xx/CVE-2023-46354.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-6566](CVE-2023/CVE-2023-65xx/CVE-2023-6566.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-46218](CVE-2023/CVE-2023-462xx/CVE-2023-46218.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-5710](CVE-2023/CVE-2023-57xx/CVE-2023-5710.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-5711](CVE-2023/CVE-2023-57xx/CVE-2023-5711.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-5712](CVE-2023/CVE-2023-57xx/CVE-2023-5712.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-5713](CVE-2023/CVE-2023-57xx/CVE-2023-5713.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-5714](CVE-2023/CVE-2023-57xx/CVE-2023-5714.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-5761](CVE-2023/CVE-2023-57xx/CVE-2023-5761.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-40238](CVE-2023/CVE-2023-402xx/CVE-2023-40238.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-28017](CVE-2023/CVE-2023-280xx/CVE-2023-28017.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-41106](CVE-2023/CVE-2023-411xx/CVE-2023-41106.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-41913](CVE-2023/CVE-2023-419xx/CVE-2023-41913.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-6568](CVE-2023/CVE-2023-65xx/CVE-2023-6568.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-43102](CVE-2023/CVE-2023-431xx/CVE-2023-43102.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-43103](CVE-2023/CVE-2023-431xx/CVE-2023-43103.json) (`2023-12-07T12:12:36.717`)
* [CVE-2023-35116](CVE-2023/CVE-2023-351xx/CVE-2023-35116.json) (`2023-12-07T12:13:13.217`)
## Download and Usage