Auto-Update: 2023-11-08T03:00:20.135940+00:00

cad-safe-bot 2023-11-08 03:00:24 +00:00
parent 0c50ffb69c
commit fbd2699681
44 changed files with 2653 additions and 222 deletions


@ -2,16 +2,40 @@
"id": "CVE-2021-33634",
"sourceIdentifier": "securities@openeuler.org",
"published": "2023-10-29T08:15:20.567",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:52:34.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.\n\n"
},
{
"lang": "es",
"value": "iSulad utiliza el tiempo de ejecuci\u00f3n lcr+lxc (predeterminado) para ejecutar im\u00e1genes maliciosas, lo que puede provocar DOS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "securities@openeuler.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "securities@openeuler.org",
"type": "Secondary",
@ -46,18 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeuler:icr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9-6",
"matchCriteriaId": "2E96C06C-47CA-4E04-B627-5B50BF6EA323"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeuler:icr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.2-3",
"matchCriteriaId": "8AC37313-A13B-4BD1-BFBB-50753C3D3240"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/src-openeuler/lcr/pulls/251/files",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitee.com/src-openeuler/lcr/pulls/257/files",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1692",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Vendor Advisory"
]
}
]
}
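Review bot: Both new `cpeMatch` entries name the product `icr` (`cpe:2.3:a:openeuler:icr:*:...`), whereas the description and the two patch references in this record name the component `lcr` (`src-openeuler/lcr`); this looks like an l/i slip in the upstream analysis, although the page alone cannot confirm it. Asset or scanner matching keyed on the CPE product string would then not associate this CVE with installed `lcr` packages. Since `matchCriteriaId` is tied to the upstream criteria string, the record should be corrected at the data source rather than hand-edited in the mirror; until then, match on the package name together with the fixed-version bounds `2.0.9-6` and `2.1.2-3`.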


@ -2,16 +2,40 @@
"id": "CVE-2021-33638",
"sourceIdentifier": "securities@openeuler.org",
"published": "2023-10-29T08:15:20.823",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:29:32.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
},
{
"lang": "es",
"value": "Cuando el comando isula cp se usa para copiar archivos de un contenedor a una m\u00e1quina host y el contenedor est\u00e1 controlado por un atacante, el atacante puede escapar del contenedor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "securities@openeuler.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "securities@openeuler.org",
"type": "Secondary",
@ -46,18 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeuler:isula:2.0.8-20210518.144540:*:*:*:*:*:*:*",
"matchCriteriaId": "51FA2EC1-A161-4862-A120-CD48ABF49BBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeuler:isula:2.0.18-10:*:*:*:*:*:*:*",
"matchCriteriaId": "8848DE4D-ADA9-4E92-9FB9-DB53D3733173"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeuler:isula:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3205F81-7008-467C-A79A-BBD521231D48"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
"source": "securities@openeuler.org"
"source": "securities@openeuler.org",
"tags": [
"Vendor Advisory"
]
}
]
}
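Review bot: The three `cpeMatch` entries added under `configurations` pin exact builds (`2.0.8-20210518.144540`, `2.0.18-10`, `2.1.2`) with no `versionStartIncluding`/`versionEndExcluding` bounds, so an isula build between those values is not matched by this record. Whether the intermediate builds are affected is not stated on the page, so consumers should not read a CPE miss here as "not vulnerable" and should check the installed package against the openEuler bulletin `openEuler-SA-2023-1686`. For triage, note also that the primary vector scores `C:N/I:H/A:N` for what the description calls a container escape, so severity-based filters may rank this lower than the described impact suggests.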


@ -2,23 +2,86 @@
"id": "CVE-2022-34832",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T21:15:08.167",
"lastModified": "2023-10-29T01:44:42.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:07:11.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en VERMEG AgileReporter 21.3. XXE puede ocurrir a trav\u00e9s de un documento XML en el componente An\u00e1lisis."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vermeg:agile_reporter:21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C71FD5-FBEA-412E-A9DE-CED9E684AEBF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://crashpark.weebly.com/blog/xxe-in-agilereporter-213-by-vermeg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.vermeg.com/agile-reporter/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2022-34833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T21:15:08.213",
"lastModified": "2023-10-29T01:44:42.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:08:18.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en VERMEG AgileReporter 21.3. Un administrador puede ingresar un payload XSS en el componente An\u00e1lisis."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vermeg:agile_reporter:21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C71FD5-FBEA-412E-A9DE-CED9E684AEBF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://crashpark.weebly.com/blog/1-stored-xss-in-agilereporter-213-by-vermeg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.vermeg.com/agile-reporter/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2022-34834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T21:15:08.260",
"lastModified": "2023-10-29T01:44:42.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:13:09.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en VERMEG AgileReporter 21.3. Los atacantes pueden obtener privilegios a trav\u00e9s de un payload XSS en una acci\u00f3n Agregar Comentario al registro de Actividad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vermeg:agile_reporter:21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C71FD5-FBEA-412E-A9DE-CED9E684AEBF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://crashpark.weebly.com/blog/2-stored-xss-in-agilereporter-213-by-vermeg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.vermeg.com/agile-reporter/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-24000",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T14:15:11.383",
"lastModified": "2023-10-31T14:23:18.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:18:32.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en GamiPress gamipress permite la inyecci\u00f3n SQL. Este problema afecta a GamiPress: desde n/a hasta 2.5.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gamipress:gamipress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.7",
"matchCriteriaId": "70911DF7-B7AA-4493-BC1B-507A82608E80"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-7-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-25045",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T14:15:11.483",
"lastModified": "2023-10-31T14:23:18.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:18:12.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en David F. Carr RSVPMaker permite la inyecci\u00f3n SQL. Este problema afecta a RSVPMaker: desde n/a hasta 9.9.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-89"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.9.3",
"matchCriteriaId": "D29286D5-6E9E-454B-8102-6FBD112561DC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-25047",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T14:15:11.560",
"lastModified": "2023-10-31T14:23:18.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:17:54.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en David F. Carr RSVPMaker rsvpmaker permite la inyecci\u00f3n SQL. Este problema afecta a RSVPMaker: desde n/a hasta 9.9.3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.9.3",
"matchCriteriaId": "D29286D5-6E9E-454B-8102-6FBD112561DC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27846",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.057",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:50:09.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL encontrada en PrestaShop themevolty v.4.0.8 y anteriores, permite a un atacante remoto obtener privilegios a trav\u00e9s de los componentes tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_blog:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "4.0.8",
"matchCriteriaId": "01B98200-282C-4D11-9512-7B84FB16398C"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/25/tvcmsblog.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
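Review bot: The only `cpeMatch` added for this record is `cpe:2.3:a:themevolty:theme_volty_cms_blog:*:*:*:*:*:prestashop:*:*` (through `4.0.8`), while the description lists nine affected components (tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist and five more). CPE-based matching will therefore flag only the blog module; a shop running one of the other listed modules without tvcmsblog would not be matched, unless the modules are always shipped together, which this page does not show. Until upstream adds criteria for the remaining modules, inventory checks for this CVE should key on the module names in the description and the Friends of Presta advisory in `references`.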


@ -2,15 +2,42 @@
"id": "CVE-2023-28777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T14:15:11.627",
"lastModified": "2023-10-31T14:23:15.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:16:50.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en LearnDash LearnDash LMS permite la inyecci\u00f3n SQL. Este problema afecta a LearnDash LMS: desde n/a hasta 4.5.3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.5.3",
"matchCriteriaId": "C7F9A918-D3B5-488E-A417-FCE3F86D6757"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sfwd-lms/wordpress-learndash-lms-plugin-4-5-3-contributor-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31794",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T01:15:07.497",
"lastModified": "2023-11-07T04:14:23.560",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T02:46:13.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "Se descubri\u00f3 que MuPDF v1.21.1 contiene una recursividad infinita en el componente pdf_mark_list_push. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo PDF manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:mupdf:1.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E61096B9-A405-4512-AD1E-7FEE96CFF38B"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=706506",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://gist.github.com/spookhorror/c770d118767b1b0d89fdfe2845169d06",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://git.ghostscript.com/?p=mupdf.git%3Bh=c0015401693b58e2deb5d75c39f27bc1216e47c6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
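Review bot: None of the three references in this record carries a `Patch` tag after analysis: the bug tracker entry is tagged `Permissions Required` and the git.ghostscript.com link is tagged `Broken Link`, so tooling that follows `Patch`-tagged references to find a fix gets nothing here. The broken URL still embeds a commit id (`h=c0015401693b58e2deb5d75c39f27bc1216e47c6`), presumably the fixing commit, which is the only pointer to the fix on this page. The `cpeMatch` entry also pins only `1.21.1`, so whether a given later MuPDF build contains the fix has to be checked against that commit rather than inferred from this record.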


@ -2,23 +2,86 @@
"id": "CVE-2023-35794",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-27T21:15:08.513",
"lastModified": "2023-10-29T01:44:42.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:20:56.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Cassia Access Controller 2.1.1.2303271039. Se puede acceder al endpoint del terminal Web SSH (consola generada) sin autenticaci\u00f3n. Espec\u00edficamente, no existe una validaci\u00f3n de cookies de sesi\u00f3n en el Controlador de Acceso; en cambio, solo existe Autenticaci\u00f3n B\u00e1sica para la consola SSH."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cassianetworks:access_controller:2.1.1.2303271039:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4C512A-48EB-43EB-9CAA-CE05673F71D5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.cassianetworks.com/products/iot-access-controller/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-39331",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.257",
"lastModified": "2023-11-03T22:15:10.167",
"lastModified": "2023-11-08T01:15:07.700",
"vulnStatus": "Modified",
"descriptions": [
{
@ -97,18 +97,6 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
"source": "support@hackerone.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
"source": "support@hackerone.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
"source": "support@hackerone.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40681",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.710",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:25:32.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:groundhogg:groundhogg:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.7.11.11",
"matchCriteriaId": "9933E4EB-39C6-4C17-B6E9-E8324712C010"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/groundhogg/wordpress-groundhogg-plugin-2-7-11-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40685",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-29T02:15:07.693",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:42:58.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116."
},
{
"lang": "es",
"value": "Management Central como parte de IBM i 7.2, 7.3, 7.4 y 7.5 Navigator contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la l\u00ednea de comandos del sistema operativo puede aprovechar esta vulnerabilidad para elevar los privilegios y obtener acceso root al sistema operativo. ID de IBM X-Force: 264116."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264116",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7060686",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40686",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-29T01:15:40.920",
"lastModified": "2023-10-29T01:44:12.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:31:49.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114."
},
{
"lang": "es",
"value": "Management Central como parte de IBM i 7.2, 7.3, 7.4 y 7.5 Navigator contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la l\u00ednea de comandos del sistema operativo puede aprovechar esta vulnerabilidad para elevar los privilegios y obtener acceso a los componentes del sistema operativo. ID de IBM X-Force: 264114."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264114",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7060686",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2023-4061",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-08T01:15:08.693",
"lastModified": "2023-11-08T01:15:08.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5484",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5485",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5486",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5488",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4061",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608",
"source": "secalert@redhat.com"
}
]
}
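Review bot: The CVSS data in this new record scores the flaw as an integrity problem (`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"`, with `"confidentialityImpact": "NONE"` and `"integrityImpact": "HIGH"`), while the description and the `CWE-200` weakness both describe reading sensitive information. The vector is the `secalert@redhat.com` Secondary entry, so it should be reported to the source rather than edited in this mirror. The intended value is presumably `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`, which gives the same 6.5 base score. Until it is corrected, triage rules that filter on confidentiality impact will not select this entry.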


@ -2,8 +2,8 @@
"id": "CVE-2023-41096",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-10-26T14:15:08.720",
"lastModified": "2023-10-26T15:32:23.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:48:37.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{
"source": "product-security@silabs.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
},
{
"source": "product-security@silabs.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:emberznet_sdk:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.3.1.0",
"matchCriteriaId": "B33DB8D2-920F-4929-9C3F-E50CB6E11489"
}
]
}
]
}
],
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1",
"source": "product-security@silabs.com"
"source": "product-security@silabs.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42431",
"sourceIdentifier": "security@bluespice.com",
"published": "2023-10-30T11:15:39.267",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:33:22.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la extensi\u00f3n BlueSpiceAvatars de BlueSpice permite al usuario que ha iniciado sesi\u00f3n inyectar HTML arbitrario en el cuadro de di\u00e1logo de la imagen de perfil en Especial:Preferencias. Esto s\u00f3lo se aplica al contexto del usuario genuino."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@bluespice.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@bluespice.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "3.2.10.1",
"matchCriteriaId": "BF1F2433-46DE-4702-8E7F-86EDC716AA5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.3.3",
"matchCriteriaId": "FFF74443-3D2C-489C-803F-3FA8F09FBE0A"
}
]
}
]
}
],
"references": [
{
"url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2023-02",
"source": "security@bluespice.com"
"source": "security@bluespice.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T04:15:11.207",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:56:41.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "En el m\u00f3dulo \"PrestaBlog\" (prestablog) versi\u00f3n 4.4.7 y anteriores de HDclic para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL. El script ajax slider_positions.php tiene una llamada SQL sensible que puede ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hdclic:prestablog:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "4.4.8",
"matchCriteriaId": "52AF57AA-FC8E-4B0F-94BD-89529BE9E58F"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/26/prestablog.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45798",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-10-30T07:15:12.887",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:44:41.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution."
},
{
"lang": "es",
"value": "En Yettiesoft VestCert versiones 2.36 a 2.5.29, existe una vulnerabilidad debido a una validaci\u00f3n incorrecta de m\u00f3dulos de terceros. Esto permite a actores malintencionados cargar m\u00f3dulos arbitrarios de terceros, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yettiesoft:vestcert:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.6",
"versionEndExcluding": "2.5.30",
"matchCriteriaId": "1D6DCAAF-2C0B-4D2B-8651-8516A8BCB32C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
]
}
]
}
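Review bot: The added `cpeMatch` entry starts the affected range at `"versionStartIncluding": "2.3.6"`, but the English description in the same record gives the range as "versions 2.36 to 2.5.29". One of the two is presumably a typo, and nothing visible here settles which. A scanner that matches on the CPE range will take 2.3.6 as the lower bound, so the start version should be confirmed against the KrCERT advisory in `references` before either value is relied on. The upper bound `"versionEndExcluding": "2.5.30"` agrees with the description.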


@ -2,16 +2,40 @@
"id": "CVE-2023-45799",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-10-30T07:15:12.977",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:43:07.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "En las versiones 8.0.22.1115 y anteriores de MLSoft TCO!stream, existe una vulnerabilidad debido a una validaci\u00f3n de permisos insuficiente. Esto permite que un atacante haga que la v\u00edctima descargue y ejecute archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-494"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mlsoft:tco\\!stream:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.23.215",
"matchCriteriaId": "1D22687C-247C-4E59-9E04-41E4A3713236"
}
]
}
]
}
],
"references": [
{
"url": "https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020",
"source": "vuln@krcert.or.kr"
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46040",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T02:15:08.007",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:48:09.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de Cross Site Scripting en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para la funci\u00f3n componentes.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:get-simple:getsimplecms:3.4.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "ED93A4AA-FDB3-48EE-A119-F6C785DD3CEB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Num-Nine/CVE/wiki/GetSimplecms-exists-to-store-xss",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46312",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.793",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:24:43.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.5",
"matchCriteriaId": "34F55D3B-2C9C-4734-8305-3B315D688569"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46313",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.867",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:24:23.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:katieseaborn:zotpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.3.5",
"matchCriteriaId": "74451B4F-FF43-4E39-8B04-F25ACAD28641"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zotpress/wordpress-zotpress-plugin-7-3-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46622",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-31T10:15:08.940",
"lastModified": "2023-10-31T12:58:27.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:23:55.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-pizza:wppizza:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.18.3",
"matchCriteriaId": "B9059EBD-5C6C-4936-8C6C-087964726CBB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wppizza/wordpress-wppizza-plugin-3-18-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46854",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-28T22:15:08.467",
"lastModified": "2023-11-07T04:21:59.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T02:06:46.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -38,18 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proxmox:proxmox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.9",
"matchCriteriaId": "C31B25DD-59A2-4F21-A355-667746475532"
}
]
}
]
}
],
"references": [
{
"url": "https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
]
}
]
}
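Review bot: The new configuration identifies the product as `cpe:2.3:a:proxmox:proxmox:*:*:*:*:*:*:*:*` with `"versionEndExcluding": "4.0.9"`, while both commit references point at the `proxmox-widget-toolkit` repository, so the bound presumably refers to that package rather than to a Proxmox product release (the description lies outside the visible hunks, so this is inferred). Inventories that key on the installed package name may therefore not match this entry and should be checked by hand. The same section tags both commit URLs `Broken Link`. They carry `%3B` where a gitweb query would normally use `;`, which looks like the cause, e.g. `https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=1326f771b959e576d140da2249c8b5424da6c80d` for the first one.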


@ -2,23 +2,88 @@
"id": "CVE-2023-46862",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-29T04:15:11.363",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:57:10.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el kernel de Linux hasta 6.5.9. Durante una ejecuci\u00f3n con salida de hilo SQ, puede ocurrir una desreferencia del puntero NULL io_uring/fdinfo.c io_uring_show_fdinfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.9",
"matchCriteriaId": "1073EEBD-8196-4622-832A-B8B8102E97EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,23 +2,89 @@
"id": "CVE-2023-46865",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T01:15:21.967",
"lastModified": "2023-10-30T11:54:30.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:55:56.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image."
},
{
"lang": "es",
"value": "/api/v1/company/upload-logo en CompanyController.php en crater hasta 6.0.6 permite a un superadministrador ejecutar c\u00f3digo PHP arbitrario colocando este c\u00f3digo en un fragmento IDAT image/png de una imagen del Logotipo de la Empresa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craterapp:crater:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.6",
"matchCriteriaId": "3D402EFB-A3FF-49C9-81E8-EF904A46277E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/crater-invoice/crater/issues/1267",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/crater-invoice/crater/pull/1271",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-46976",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T14:15:11.697",
"lastModified": "2023-10-31T14:23:15.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:59:30.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function."
},
{
"lang": "es",
"value": "TOTOLINK A3300R 17.0.0cu.557_B20221024 contiene una inyecci\u00f3n de comando a trav\u00e9s del par\u00e1metro file_name en la funci\u00f3n UploadFirmwareFile."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*",
"matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-46977",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T14:15:11.737",
"lastModified": "2023-10-31T14:23:15.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:59:08.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK LR1200GB V9.1.0u.6619_B20230130 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de contrase\u00f1a en la funci\u00f3n loginAuth."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*",
"matchCriteriaId": "00F36DE9-D043-4C8B-9EF9-8DA669589E85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442849E-5B06-41A1-8DA8-827FBD7A34E5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20LR1200GB/1/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-46978",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T14:15:11.780",
"lastModified": "2023-10-31T14:23:15.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:58:11.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication."
},
{
"lang": "es",
"value": "TOTOLINK X6000R V9.4.0cu.852_B20230719 es vulnerable a un control de acceso incorrecto. Los atacantes pueden restablecer la contrase\u00f1a de inicio de sesi\u00f3n y las contrase\u00f1as de WIFI sin autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/1/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-46979",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T14:15:11.820",
"lastModified": "2023-10-31T14:23:15.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:56:22.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOLINK X6000R V9.4.0cu.852_B20230719 contiene una vulnerabilidad de inyecci\u00f3n de comando a trav\u00e9s del par\u00e1metro enable en la funci\u00f3n setLedCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:*",
"matchCriteriaId": "846390E3-B033-4B17-A141-49E30AF76264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/2/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5250",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.383",
"lastModified": "2023-11-07T04:23:39.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T02:30:14.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:g5theme:grid_plus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "F8358BF7-748B-4460-921F-BD9248D46983"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/grid.plus.base.class.php#L19",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6407792-2c76-4149-a9f9-d53002135bec?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5251",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.457",
"lastModified": "2023-11-07T04:23:40.197",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T02:15:53.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -38,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:g5theme:grid_plus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "F8358BF7-748B-4460-921F-BD9248D46983"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L10",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L69",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5252",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.530",
"lastModified": "2023-11-07T04:23:40.427",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T02:12:53.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fareharbor:fareharbor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6.7",
"matchCriteriaId": "877E87D1-A9AB-4524-A548-EAA842F5705B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/fareharbor/tags/3.6.7/fareharbor.php#L287",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5315",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.597",
"lastModified": "2023-11-07T04:23:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-08T02:11:12.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matthewschwartz:google_maps_made_simple:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.6",
"matchCriteriaId": "B8D7C67D-6139-4B9A-985F-4D8DF1D43C8D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-gmappity-easy-google-maps/tags/0.6/wpgmappity-metadata.php#L127",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5839",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-29T01:15:41.213",
"lastModified": "2023-10-29T01:44:12.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:35:41.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9."
},
{
"lang": "es",
"value": "Encadenamiento de privilegios en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.9",
"matchCriteriaId": "EDFF62A9-BDE1-42AE-8DF1-8683C0C8113F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5840",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-29T01:15:41.283",
"lastModified": "2023-10-29T01:44:12.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T01:59:30.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9."
},
{
"lang": "es",
"value": "Mecanismo d\u00e9bil de recuperaci\u00f3n de contrase\u00f1a para contrase\u00f1a olvidada en el repositorio de GitHub linkstackorg/linkstack anterior a v4.2.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linkstack:linkstack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.9",
"matchCriteriaId": "709F3049-BCBF-490A-9067-8874199BD9F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/linkstackorg/linkstack/commit/fe7b99eae88f9e4c4cd4b00bab372cbf4b584b16",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/8042d8c3-650e-4c0d-9146-d9ccf6082b30",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5861",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.630",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:14:25.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -40,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +70,52 @@
"value": "CWE-79"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "1CF90546-1596-44C3-8F49-77B4CDD14DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5863",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.757",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:12:17.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.2",
"matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5864",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:07.817",
"lastModified": "2023-10-31T12:58:37.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:12:07.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.1",
"matchCriteriaId": "A0F6B11D-C89E-4C4F-A2CA-9CB3F83C8AD3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5867",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-31T01:15:08.020",
"lastModified": "2023-10-31T12:58:31.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-08T02:09:51.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.2",
"matchCriteriaId": "ABD3B984-C15B-43BF-ADE8-2AF970E88C8C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-08T00:55:21.260431+00:00
2023-11-08T03:00:20.135940+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-08T00:54:34.267000+00:00
2023-11-08T02:59:30.833000+00:00
```
### Last Data Feed Release
@ -23,54 +23,51 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-11-07T01:00:13.561028+00:00
2023-11-08T01:00:13.554656+00:00
```
### Total Number of included CVEs
```plain
230096
230097
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `1`
* [CVE-2023-43984](CVE-2023/CVE-2023-439xx/CVE-2023-43984.json) (`2023-11-07T23:15:07.680`)
* [CVE-2023-45380](CVE-2023/CVE-2023-453xx/CVE-2023-45380.json) (`2023-11-07T23:15:07.780`)
* [CVE-2023-6001](CVE-2023/CVE-2023-60xx/CVE-2023-6001.json) (`2023-11-08T00:15:07.620`)
* [CVE-2023-6002](CVE-2023/CVE-2023-60xx/CVE-2023-6002.json) (`2023-11-08T00:15:08.360`)
* [CVE-2023-4061](CVE-2023/CVE-2023-40xx/CVE-2023-4061.json) (`2023-11-08T01:15:08.693`)
### CVEs modified in the last Commit
Recently modified CVEs: `38`
Recently modified CVEs: `42`
* [CVE-2023-42323](CVE-2023/CVE-2023-423xx/CVE-2023-42323.json) (`2023-11-07T23:09:02.373`)
* [CVE-2023-5349](CVE-2023/CVE-2023-53xx/CVE-2023-5349.json) (`2023-11-07T23:10:48.580`)
* [CVE-2023-47104](CVE-2023/CVE-2023-471xx/CVE-2023-47104.json) (`2023-11-07T23:11:46.987`)
* [CVE-2023-42804](CVE-2023/CVE-2023-428xx/CVE-2023-42804.json) (`2023-11-07T23:17:42.680`)
* [CVE-2023-42803](CVE-2023/CVE-2023-428xx/CVE-2023-42803.json) (`2023-11-07T23:25:21.980`)
* [CVE-2023-41891](CVE-2023/CVE-2023-418xx/CVE-2023-41891.json) (`2023-11-07T23:26:21.683`)
* [CVE-2023-47101](CVE-2023/CVE-2023-471xx/CVE-2023-47101.json) (`2023-11-07T23:53:29.037`)
* [CVE-2023-47090](CVE-2023/CVE-2023-470xx/CVE-2023-47090.json) (`2023-11-08T00:15:54.567`)
* [CVE-2023-36920](CVE-2023/CVE-2023-369xx/CVE-2023-36920.json) (`2023-11-08T00:16:23.700`)
* [CVE-2023-4964](CVE-2023/CVE-2023-49xx/CVE-2023-4964.json) (`2023-11-08T00:16:34.233`)
* [CVE-2023-44323](CVE-2023/CVE-2023-443xx/CVE-2023-44323.json) (`2023-11-08T00:23:53.110`)
* [CVE-2023-5898](CVE-2023/CVE-2023-58xx/CVE-2023-5898.json) (`2023-11-08T00:26:06.370`)
* [CVE-2023-5899](CVE-2023/CVE-2023-58xx/CVE-2023-5899.json) (`2023-11-08T00:26:14.793`)
* [CVE-2023-46215](CVE-2023/CVE-2023-462xx/CVE-2023-46215.json) (`2023-11-08T00:45:55.787`)
* [CVE-2023-5426](CVE-2023/CVE-2023-54xx/CVE-2023-5426.json) (`2023-11-08T00:48:02.973`)
* [CVE-2023-40140](CVE-2023/CVE-2023-401xx/CVE-2023-40140.json) (`2023-11-08T00:49:07.443`)
* [CVE-2023-40139](CVE-2023/CVE-2023-401xx/CVE-2023-40139.json) (`2023-11-08T00:51:24.077`)
* [CVE-2023-45336](CVE-2023/CVE-2023-453xx/CVE-2023-45336.json) (`2023-11-08T00:52:59.970`)
* [CVE-2023-45337](CVE-2023/CVE-2023-453xx/CVE-2023-45337.json) (`2023-11-08T00:53:05.587`)
* [CVE-2023-45339](CVE-2023/CVE-2023-453xx/CVE-2023-45339.json) (`2023-11-08T00:53:10.663`)
* [CVE-2023-45340](CVE-2023/CVE-2023-453xx/CVE-2023-45340.json) (`2023-11-08T00:53:16.033`)
* [CVE-2023-45341](CVE-2023/CVE-2023-453xx/CVE-2023-45341.json) (`2023-11-08T00:53:21.763`)
* [CVE-2023-45342](CVE-2023/CVE-2023-453xx/CVE-2023-45342.json) (`2023-11-08T00:53:30.717`)
* [CVE-2023-45343](CVE-2023/CVE-2023-453xx/CVE-2023-45343.json) (`2023-11-08T00:53:35.723`)
* [CVE-2023-46510](CVE-2023/CVE-2023-465xx/CVE-2023-46510.json) (`2023-11-08T00:54:34.267`)
* [CVE-2023-5863](CVE-2023/CVE-2023-58xx/CVE-2023-5863.json) (`2023-11-08T02:12:17.687`)
* [CVE-2023-5252](CVE-2023/CVE-2023-52xx/CVE-2023-5252.json) (`2023-11-08T02:12:53.770`)
* [CVE-2023-5861](CVE-2023/CVE-2023-58xx/CVE-2023-5861.json) (`2023-11-08T02:14:25.697`)
* [CVE-2023-5251](CVE-2023/CVE-2023-52xx/CVE-2023-5251.json) (`2023-11-08T02:15:53.437`)
* [CVE-2023-28777](CVE-2023/CVE-2023-287xx/CVE-2023-28777.json) (`2023-11-08T02:16:50.020`)
* [CVE-2023-25047](CVE-2023/CVE-2023-250xx/CVE-2023-25047.json) (`2023-11-08T02:17:54.997`)
* [CVE-2023-25045](CVE-2023/CVE-2023-250xx/CVE-2023-25045.json) (`2023-11-08T02:18:12.263`)
* [CVE-2023-24000](CVE-2023/CVE-2023-240xx/CVE-2023-24000.json) (`2023-11-08T02:18:32.077`)
* [CVE-2023-46622](CVE-2023/CVE-2023-466xx/CVE-2023-46622.json) (`2023-11-08T02:23:55.480`)
* [CVE-2023-46313](CVE-2023/CVE-2023-463xx/CVE-2023-46313.json) (`2023-11-08T02:24:23.733`)
* [CVE-2023-46312](CVE-2023/CVE-2023-463xx/CVE-2023-46312.json) (`2023-11-08T02:24:43.287`)
* [CVE-2023-40681](CVE-2023/CVE-2023-406xx/CVE-2023-40681.json) (`2023-11-08T02:25:32.920`)
* [CVE-2023-5250](CVE-2023/CVE-2023-52xx/CVE-2023-5250.json) (`2023-11-08T02:30:14.437`)
* [CVE-2023-42431](CVE-2023/CVE-2023-424xx/CVE-2023-42431.json) (`2023-11-08T02:33:22.657`)
* [CVE-2023-5839](CVE-2023/CVE-2023-58xx/CVE-2023-5839.json) (`2023-11-08T02:35:41.650`)
* [CVE-2023-45799](CVE-2023/CVE-2023-457xx/CVE-2023-45799.json) (`2023-11-08T02:43:07.770`)
* [CVE-2023-45798](CVE-2023/CVE-2023-457xx/CVE-2023-45798.json) (`2023-11-08T02:44:41.433`)
* [CVE-2023-31794](CVE-2023/CVE-2023-317xx/CVE-2023-31794.json) (`2023-11-08T02:46:13.053`)
* [CVE-2023-46040](CVE-2023/CVE-2023-460xx/CVE-2023-46040.json) (`2023-11-08T02:48:09.133`)
* [CVE-2023-27846](CVE-2023/CVE-2023-278xx/CVE-2023-27846.json) (`2023-11-08T02:50:09.210`)
* [CVE-2023-46979](CVE-2023/CVE-2023-469xx/CVE-2023-46979.json) (`2023-11-08T02:56:22.127`)
* [CVE-2023-45378](CVE-2023/CVE-2023-453xx/CVE-2023-45378.json) (`2023-11-08T02:56:41.480`)
* [CVE-2023-46978](CVE-2023/CVE-2023-469xx/CVE-2023-46978.json) (`2023-11-08T02:58:11.953`)
* [CVE-2023-46977](CVE-2023/CVE-2023-469xx/CVE-2023-46977.json) (`2023-11-08T02:59:08.010`)
* [CVE-2023-46976](CVE-2023/CVE-2023-469xx/CVE-2023-46976.json) (`2023-11-08T02:59:30.833`)
## Download and Usage