Auto-Update: 2023-11-17T15:00:17.971726+00:00

cad-safe-bot 2023-11-17 15:00:21 +00:00
parent c41f800e35
commit fe3abca775
76 changed files with 1810 additions and 156 deletions


@ -2,12 +2,16 @@
"id": "CVE-2020-11447",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T12:15:06.967",
"lastModified": "2023-11-17T12:15:06.967",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Bell HomeHub 3000 SG48222070. Los usuarios autenticados remotamente pueden recuperar el n\u00famero de serie a trav\u00e9s de cgi/json-req; esto es una filtraci\u00f3n de informaci\u00f3n porque el n\u00famero de serie pretende demostrar el acceso f\u00edsico de un actor al dispositivo."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2020-11448",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T12:15:07.030",
"lastModified": "2023-11-17T12:15:07.030",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Bell HomeHub 3000 SG48222070. Hay XSS relacionado con el campo de correo electr\u00f3nico y la p\u00e1gina de inicio de sesi\u00f3n."
}
],
"metrics": {},


@ -0,0 +1,55 @@
{
"id": "CVE-2023-22268",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:07.693",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-22272",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:07.897",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-22273",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.097",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-22274",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.277",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-22275",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.467",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26347",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:20.867",
"lastModified": "2023-11-17T14:15:20.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26364",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:21.083",
"lastModified": "2023-11-17T14:15:21.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
"source": "psirt@adobe.com"
}
]
}
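Review bot: This new record has no `configurations` block, so the affected range exists only as prose in the description (`@adobe/css-tools version 4.3.0 and earlier`) and a CPE-based matcher will not flag it. Consumers tracking npm dependencies should match on the package name or the linked GHSA advisory rather than wait for CPE data. The only score present is the CNA's `"type": "Secondary"` entry from psirt@adobe.com, so tooling that reads only `Primary` metrics will treat the record as unscored while `vulnStatus` is `Received`.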


@ -2,12 +2,16 @@
"id": "CVE-2023-38130",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-17T05:15:12.300",
"lastModified": "2023-11-17T05:15:12.300",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CubeCart anterior a 6.5.3 permite que un atacante remoto no autenticado elimine datos en el sistema."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-38313",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.427",
"lastModified": "2023-11-17T06:15:33.427",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de 10.1.2. tiene una desreferencia de puntero NULL do_binauth que se puede activar con una solicitud GET HTTP manipulada con un par\u00e1metro de cadena de consulta de redireccionamiento de cliente faltante. Al desencadenar este problema, openNDS falla (una condici\u00f3n de denegaci\u00f3n de servicio). El problema ocurre cuando el cliente est\u00e1 a punto de ser autenticado y solo puede activarse cuando la opci\u00f3n BinAuth est\u00e1 configurada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-38314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.530",
"lastModified": "2023-11-17T06:15:33.530",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero NULL en preauthentiated() que se puede activar con una solicitud GET HTTP manipulada con un par\u00e1metro de cadena de consulta de redireccionamiento faltante. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
}
],
"metrics": {},
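Review bot: The added `es` description spells the function as `preauthentiated()`, while the English text names `preauthenticated()`. A search for the function name in the Spanish text will miss this record; the value should read `desreferencia de puntero NULL en preauthenticated()`. The text is presumably mirrored from the upstream feed, so the correction belongs there, and the `en` description should be treated as authoritative in the meantime.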


@ -2,12 +2,16 @@
"id": "CVE-2023-38315",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.577",
"lastModified": "2023-11-17T06:15:33.577",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero try_to_authenticate NULL que se puede activar con un GET HTTP manipulado con un par\u00e1metro de cadena de consulta de token de cliente faltante. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-38316",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.617",
"lastModified": "2023-11-17T06:15:33.617",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Cuando la devoluci\u00f3n de llamada personalizada sin escape est\u00e1 habilitada, los atacantes pueden ejecutar comandos arbitrarios del sistema operativo insert\u00e1ndolos en la parte URL de las solicitudes HTTP GET."
}
],
"metrics": {},
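Review bot: The added `es` value renders "custom unescape callback" as `devoluci\u00f3n de llamada personalizada sin escape`, which reads as a callback without escaping rather than the unescape callback option named in the English text. That blurs the stated precondition for the OS command injection; keeping the term untranslated, for example `Cuando el callback personalizado de unescape est\u00e1 habilitado`, avoids the ambiguity. Triage of affected configurations should rely on the `en` description.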


@ -2,12 +2,16 @@
"id": "CVE-2023-38320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.667",
"lastModified": "2023-11-17T06:15:33.667",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia del puntero NULL show_preauthpage que se puede activar con un GET HTTP manipulado al que le falta un encabezado User-Agent. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-38322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.720",
"lastModified": "2023-11-17T06:15:33.720",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero NULL do_binauth que se activa con una solicitud GET HTTP manipulada a la que le falta un encabezado HTTP User-Agent. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio). El problema ocurre cuando el cliente est\u00e1 a punto de ser autenticado y solo puede activarse cuando la opci\u00f3n BinAuth est\u00e1 configurada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-38324",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:33.760",
"lastModified": "2023-11-17T06:15:33.760",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Permite a los usuarios omitir la secuencia de la p\u00e1gina de presentaci\u00f3n cuando usan la clave FAS predeterminada y cuando OpenNDS est\u00e1 configurado como FAS (predeterminado)."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-38363",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-13T02:15:08.663",
"lastModified": "2023-11-13T17:15:07.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:50:18.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -38,14 +58,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260818",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7067987",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
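Review bot: The new `configurations` entry has to be evaluated as a whole. Under `"operator": "AND"`, the `cpe:2.3:o:linux:linux_kernel` match carries `"vulnerable": false` and only names the platform, while the vulnerable component is `cpe:2.3:a:ibm:cics_tx:10.1` (advanced edition). A matcher that flattens the `cpeMatch` lists without honouring `vulnerable` and the AND node would report every Linux host. The added Primary weakness is `NVD-CWE-noinfo`, so CWE-based triage rules will not classify this record either.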


@ -2,12 +2,16 @@
"id": "CVE-2023-39544",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-17T06:15:33.810",
"lastModified": "2023-11-17T06:15:33.810",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39545",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-17T06:15:33.880",
"lastModified": "2023-11-17T06:15:33.880",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39546",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-17T06:15:33.947",
"lastModified": "2023-11-17T06:15:33.947",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39547",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-17T06:15:34.017",
"lastModified": "2023-11-17T06:15:34.017",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39548",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-11-17T06:15:34.077",
"lastModified": "2023-11-17T06:15:34.077",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-40335",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T10:15:07.540",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:36:37.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberws:cleverwise_daily_quotes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2",
"matchCriteriaId": "111BA33D-AC43-4713-90E7-1C946C76FA39"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cleverwise-daily-quotes/wordpress-cleverwise-daily-quotes-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-41101",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:34.137",
"lastModified": "2023-11-17T06:15:34.137",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el portal cautivo en OpenNDS antes de la versi\u00f3n 10.1.3. get_query en http_microhttpd.c no valida la longitud de la cadena de consulta de las solicitudes GET. Esto provoca un desbordamiento del b\u00fafer basado en pila en las versiones 9.x y anteriores, y un desbordamiento del b\u00fafer basado en pila en las versiones 10.x y posteriores. Los atacantes pueden aprovechar el problema para bloquear OpenNDS (condici\u00f3n de denegaci\u00f3n de servicio) o para inyectar y ejecutar c\u00f3digo de bytes arbitrario (ejecuci\u00f3n remota de c\u00f3digo)."
}
],
"metrics": {},
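Review bot: The added `es` description says `basado en pila` for both version ranges, but the English text distinguishes a stack-based overflow in 9.x and earlier from a heap-based overflow in 10.x and later. The second occurrence should read `desbordamiento del b\u00fafer basado en mont\u00f3n (heap) en las versiones 10.x y posteriores`. As written, a Spanish-language reader would conclude that stack protections cover the 10.x case as well. The text is presumably mirrored from upstream, so the `en` value should be treated as authoritative.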


@ -2,12 +2,16 @@
"id": "CVE-2023-41102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T06:15:34.180",
"lastModified": "2023-11-17T06:15:34.180",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el portal cautivo en OpenNDS antes de la versi\u00f3n 10.1.3. Tiene m\u00faltiples p\u00e9rdidas de memoria debido a que no libera la memoria asignada. Esto puede provocar una condici\u00f3n de denegaci\u00f3n de servicio debido al consumo de toda la memoria disponible."
}
],
"metrics": {},


@ -2,16 +2,40 @@
"id": "CVE-2023-41239",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T03:15:09.347",
"lastModified": "2023-11-13T03:16:20.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:19:04.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en el complemento Blubrry PowerPress Podcasting de Blubrry. Este problema afecta al complemento PowerPress Podcasting de Blubrry: desde n/a hasta 11.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "11.0.6",
"matchCriteriaId": "35409F83-CDC1-4B22-B9F4-744FD6943C53"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41983",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:10.110",
"lastModified": "2023-11-15T21:15:07.880",
"vulnStatus": "Modified",
"lastModified": "2023-11-17T13:15:08.653",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -173,6 +173,10 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5557",
"source": "product-security@apple.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-42428",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-17T05:15:12.477",
"lastModified": "2023-11-17T05:15:12.477",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos eliminar directorios y archivos en el sistema."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-42852",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-25T19:15:10.843",
"lastModified": "2023-11-15T21:15:07.957",
"vulnStatus": "Modified",
"lastModified": "2023-11-17T13:15:08.837",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -217,6 +217,10 @@
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5557",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44324",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T13:15:08.927",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/framemaker/apsb23-58.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-44325",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T09:15:23.053",
"lastModified": "2023-11-17T09:15:23.053",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.0.2 (y anteriores) de Adobe Animate se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44326",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T09:15:23.407",
"lastModified": "2023-11-17T09:15:23.407",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 3.4.9 (y anteriores) de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44350",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:21.293",
"lastModified": "2023-11-17T14:15:21.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44351",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:21.490",
"lastModified": "2023-11-17T14:15:21.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44352",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:21.693",
"lastModified": "2023-11-17T14:15:21.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44353",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:21.890",
"lastModified": "2023-11-17T14:15:21.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44355",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:22.083",
"lastModified": "2023-11-17T14:15:22.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-45382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T02:15:26.387",
"lastModified": "2023-11-17T02:15:26.387",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"SoNice Retour\" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system."
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"SoNice Retour\" (sonice_retour) hasta la versi\u00f3n 2.1.0 de Common-Services para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones realizando un ataque de Path Traversal. Debido a la falta de control de permisos y a la falta de control en la construcci\u00f3n del nombre de la ruta, un invitado puede realizar un Path Traversal para ver todos los archivos en el sistema de informaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-45387",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T02:15:26.460",
"lastModified": "2023-11-17T02:15:26.460",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`"
},
{
"lang": "es",
"value": "En el m\u00f3dulo \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportproducts) en versiones hasta 5.0.0 de MyPrestaModules para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `exportProduct::_addDataToDb().`"
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-46092",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-13T10:15:07.747",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:31:28.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lionscripts:webmaster_tools:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "4F01BD8B-1C9C-46E2-B36C-8BB2AE52C0AD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47066",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:07.293",
"lastModified": "2023-11-17T11:15:07.293",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47067",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:07.793",
"lastModified": "2023-11-17T11:15:07.793",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47068",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:07.997",
"lastModified": "2023-11-17T11:15:07.997",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47069",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.200",
"lastModified": "2023-11-17T11:15:08.200",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47070",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.457",
"lastModified": "2023-11-17T11:15:08.457",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47071",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.660",
"lastModified": "2023-11-17T11:15:08.660",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47072",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:08.867",
"lastModified": "2023-11-17T11:15:08.867",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de acceso a puntero no inicializado que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47073",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T11:15:09.060",
"lastModified": "2023-11-17T11:15:09.060",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47283",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-17T05:15:12.530",
"lastModified": "2023-11-17T05:15:12.530",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos obtener archivos en el sistema."
}
],
"metrics": {},


@ -2,19 +2,79 @@
"id": "CVE-2023-47363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:07.907",
"lastModified": "2023-11-09T17:13:32.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T14:20:37.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims."
},
{
"lang": "es",
"value": "La fuga del token de acceso al canal en la l\u00ednea 13.6.1 de los miembros de FBP permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f.b.p._members_project:f.b.p._members:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "370A2DC9-F1B4-4397-924E-6256BF139107"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/F.B.P%20members.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-47364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:07.970",
"lastModified": "2023-11-09T17:13:32.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T14:22:55.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims"
},
{
"lang": "es",
"value": "La fuga del token de acceso al canal en la l\u00ednea 13.6.1 del taxi de Nagaoka permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagaoka_taxi_project:nagaoka_taxi:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "716A6D4A-2082-4151-A8C8-C89B54E63815"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/nagaoka%20taxi.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-47365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:08.013",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T14:28:56.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims."
},
{
"lang": "es",
"value": "La fuga del token de acceso al canal en Lil.OFF-PRICE STORE Line 13.6.1 permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reisinnova:lil.off-price_store:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "34B95965-5B0C-4C45-964C-BF31C161B806"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/Lil.OFF-PRICE%20STORE.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47675",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-17T05:15:12.580",
"lastModified": "2023-11-17T05:15:12.580",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
},
{
"lang": "es",
"value": "CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos ejecutar un comando arbitrario del sistema operativo."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-47680",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T00:15:08.337",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T14:50:40.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.3",
"matchCriteriaId": "327C93BB-1054-4FF3-B621-25DDE02F2D80"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/qi-addons-for-elementor/wordpress-qi-addons-for-elementor-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47684",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-14T00:15:08.530",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T14:12:47.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themepunch:essential_grid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "E4E111DE-2358-46E4-B4C6-2DD26F33B2C7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/essential-grid/wordpress-essential-grid-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47757",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-17T09:15:23.590",
"lastModified": "2023-11-17T09:15:23.590",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.\n\n"
},
{
"lang": "es",
"value": "Autorizaci\u00f3n faltante, vulnerabilidad de Cross-Site Request Forgery (CSRF) en AWeber AWeber: Formulario de registro gratuito y complemento de creaci\u00f3n de p\u00e1ginas de destino para la generaci\u00f3n de clientes potenciales y el crecimiento de boletines informativos por correo electr\u00f3nico permite acceder a funciones no restringidas adecuadamente por ACL y Cross-Site Request Forgery. Este problema afecta AWeber: formulario de registro gratuito y complemento de creaci\u00f3n de p\u00e1ginas de destino para la generaci\u00f3n de clientes potenciales y el crecimiento de boletines informativos por correo electr\u00f3nico: desde n/a hasta 7.3.9."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-47797",
"sourceIdentifier": "security@liferay.com",
"published": "2023-11-17T06:15:34.230",
"lastModified": "2023-11-17T06:15:34.230",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability on a content page\u2019s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en la p\u00e1gina de edici\u00f3n de una p\u00e1gina de contenido en Liferay Portal v7.4.3.94 hasta v7.4.3.95 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro `p_l_back_url_title`."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-4775",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-13T08:15:25.790",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:59:12.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tinywebgallery:advanced_iframe:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2023.8",
"matchCriteriaId": "3FB2A371-1205-4C24-9197-7FB2C426D252"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-iframe/trunk/includes/advanced-iframe-main-iframe.php?rev=2961394#L419",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-iframe/trunk/includes/advanced-iframe-main-iframe.php?rev=2961394#L552",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2993602/advanced-iframe",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9944443-2e71-45c4-8a19-d76863cf66df?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-48029",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T13:15:09.143",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5",
"source": "cve@mitre.org"
},
{
"url": "https://nitipoom-jar.github.io/CVE-2023-48029/",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-48031",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T02:15:26.510",
"lastModified": "2023-11-17T02:15:26.510",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation."
},
{
"lang": "es",
"value": "OpenSupports v4.11.0 es vulnerable a la carga sin restricciones de archivos con tipos peligrosos. En la funci\u00f3n de comentario, un atacante puede eludir las restricciones de seguridad y cargar un archivo .bat manipulando los bytes m\u00e1gicos del archivo para que se haga pasar por un tipo permitido. Esto puede permitir al atacante ejecutar c\u00f3digo arbitrario o establecer un shell inverso, lo que lleva a escrituras de archivos no autorizadas o control sobre la estaci\u00f3n de la v\u00edctima a trav\u00e9s de una operaci\u00f3n de carga de archivos manipulada."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48078",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T00:15:08.237",
"lastModified": "2023-11-17T00:15:08.237",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en add.php en Simple CRUD Functionality v1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro 'title'."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48648",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T04:15:07.093",
"lastModified": "2023-11-17T04:15:07.093",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified."
},
{
"lang": "es",
"value": "Concrete CMS anterior a 8.5.13 y 9.x anterior a 9.2.2 permite el acceso no autorizado porque se pueden crear directorios con permisos inseguros. Las funciones de creaci\u00f3n de archivos (como la funci\u00f3n Mkdir()) brindan acceso universal (0777) a las carpetas creadas de forma predeterminada. Se pueden otorgar permisos excesivos al crear un directorio con permisos superiores a 0755 o cuando no se especifica el argumento de permisos."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48649",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T04:15:07.160",
"lastModified": "2023-11-17T04:15:07.160",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:59:04.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name."
},
{
"lang": "es",
"value": "Concrete CMS anterior a 8.5.13 y 9.x anterior a 9.2.2 permite almacenar XSS en la p\u00e1gina de Administraci\u00f3n a trav\u00e9s de un nombre de archivo cargado."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-48655",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.640",
"lastModified": "2023-11-17T05:15:12.640",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los par\u00e1metros de consulta."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48656",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.690",
"lastModified": "2023-11-17T05:15:12.690",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal las cl\u00e1usulas de pedido."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48657",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.740",
"lastModified": "2023-11-17T05:15:12.740",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal los filtros."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48658",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.793",
"lastModified": "2023-11-17T05:15:12.793",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php carece de una funci\u00f3n checkParam para caracteres alfanum\u00e9ricos, guiones bajos, guiones, puntos y espacios."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-48659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.847",
"lastModified": "2023-11-17T05:15:12.847",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:59.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/AppController.php maneja mal el an\u00e1lisis de par\u00e1metros."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-5444",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-17T10:15:07.723",
"lastModified": "2023-11-17T10:15:07.723",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Request Forgery en ePolicy Orchestrator anterior a 5.10.0 CP1 Actualizaci\u00f3n 2 permite a un usuario remoto con privilegios bajos agregar con \u00e9xito un nuevo usuario con privilegios de administrador al servidor de ePO. Esto afecta el \u00e1rea del tablero de la interfaz de usuario. Para aprovechar esto, el atacante debe cambiar el payload HTTP posterior al env\u00edo, antes de que llegue al servidor de ePO."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5445",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-17T10:15:08.167",
"lastModified": "2023-11-17T10:15:08.167",
"vulnStatus": "Received",
"lastModified": "2023-11-17T13:58:53.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de redireccionamiento abierto en ePolicy Orchestrator anterior a 5.10.0 CP1 Actualizaci\u00f3n 2 permite a un usuario remoto con pocos privilegios modificar el par\u00e1metro de URL con el fin de redirigir solicitudes de URL a un sitio malicioso. Esto afecta el \u00e1rea del tablero de la interfaz de usuario. Un usuario deber\u00eda iniciar sesi\u00f3n en ePO para activar esta vulnerabilidad. Para aprovechar esto, el atacante debe cambiar el payload HTTP posterior al env\u00edo, antes de que llegue al servidor de ePO."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-5741",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-13T08:15:26.317",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:57:53.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:powr:powr:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "7B600778-5200-4148-85EE-4AAF1864CE8A"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/powr-pack/trunk/src/pack.php?rev=2821707#L198",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/powr-pack/trunk/src/pack.php?rev=2821707#L201",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2967eae-82bb-4556-a21a-c5bb6b905c62?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5747",
"sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"published": "2023-11-13T08:15:26.530",
"lastModified": "2023-11-13T14:12:08.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-17T13:51:04.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
},
{
"source": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"type": "Secondary",
@ -54,10 +84,81 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.1.37647",
"matchCriteriaId": "083DB67F-A636-4CC4-A731-8979EAA28E56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*",
"matchCriteriaId": "90E127EA-B3E5-45CF-8087-EFBC66708548"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4A33CA-1CAA-4BC2-8B6A-E5AFDA5E19B5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.1.37647",
"matchCriteriaId": "083DB67F-A636-4CC4-A731-8979EAA28E56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F3371638-F23E-4FA3-B0A4-44EF3426A056"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0561EB6-5030-4BED-A531-236A2BB8AB43"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf",
"source": "fc9afe74-3f80-4fb7-a313-e6f036a89882"
"source": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5997",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-15T18:15:06.873",
"lastModified": "2023-11-16T01:43:41.077",
"lastModified": "2023-11-17T13:15:09.187",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "Use after free en Garbage Collection en Google Chrome anterior a 119.0.6045.159 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del heap a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
@ -19,6 +23,10 @@
{
"url": "https://crbug.com/1497997",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5556",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-6112",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-15T18:15:06.933",
"lastModified": "2023-11-16T01:43:41.077",
"lastModified": "2023-11-17T13:15:09.230",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "Use after free en Navegaci\u00f3n en Google Chrome anterior a 119.0.6045.159 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del heap a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
@ -19,6 +23,10 @@
{
"url": "https://crbug.com/1499298",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5556",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-17T13:00:17.764570+00:00
2023-11-17T15:00:17.971726+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-17T12:15:07.030000+00:00
2023-11-17T14:50:40.710000+00:00
```
### Last Data Feed Release
@ -29,29 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231048
231062
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `14`
* [CVE-2020-11447](CVE-2020/CVE-2020-114xx/CVE-2020-11447.json) (`2023-11-17T12:15:06.967`)
* [CVE-2020-11448](CVE-2020/CVE-2020-114xx/CVE-2020-11448.json) (`2023-11-17T12:15:07.030`)
* [CVE-2023-47066](CVE-2023/CVE-2023-470xx/CVE-2023-47066.json) (`2023-11-17T11:15:07.293`)
* [CVE-2023-47067](CVE-2023/CVE-2023-470xx/CVE-2023-47067.json) (`2023-11-17T11:15:07.793`)
* [CVE-2023-47068](CVE-2023/CVE-2023-470xx/CVE-2023-47068.json) (`2023-11-17T11:15:07.997`)
* [CVE-2023-47069](CVE-2023/CVE-2023-470xx/CVE-2023-47069.json) (`2023-11-17T11:15:08.200`)
* [CVE-2023-47070](CVE-2023/CVE-2023-470xx/CVE-2023-47070.json) (`2023-11-17T11:15:08.457`)
* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-11-17T11:15:08.660`)
* [CVE-2023-47072](CVE-2023/CVE-2023-470xx/CVE-2023-47072.json) (`2023-11-17T11:15:08.867`)
* [CVE-2023-47073](CVE-2023/CVE-2023-470xx/CVE-2023-47073.json) (`2023-11-17T11:15:09.060`)
* [CVE-2023-22268](CVE-2023/CVE-2023-222xx/CVE-2023-22268.json) (`2023-11-17T13:15:07.693`)
* [CVE-2023-22272](CVE-2023/CVE-2023-222xx/CVE-2023-22272.json) (`2023-11-17T13:15:07.897`)
* [CVE-2023-22273](CVE-2023/CVE-2023-222xx/CVE-2023-22273.json) (`2023-11-17T13:15:08.097`)
* [CVE-2023-22274](CVE-2023/CVE-2023-222xx/CVE-2023-22274.json) (`2023-11-17T13:15:08.277`)
* [CVE-2023-22275](CVE-2023/CVE-2023-222xx/CVE-2023-22275.json) (`2023-11-17T13:15:08.467`)
* [CVE-2023-44324](CVE-2023/CVE-2023-443xx/CVE-2023-44324.json) (`2023-11-17T13:15:08.927`)
* [CVE-2023-48029](CVE-2023/CVE-2023-480xx/CVE-2023-48029.json) (`2023-11-17T13:15:09.143`)
* [CVE-2023-26347](CVE-2023/CVE-2023-263xx/CVE-2023-26347.json) (`2023-11-17T14:15:20.867`)
* [CVE-2023-26364](CVE-2023/CVE-2023-263xx/CVE-2023-26364.json) (`2023-11-17T14:15:21.083`)
* [CVE-2023-44350](CVE-2023/CVE-2023-443xx/CVE-2023-44350.json) (`2023-11-17T14:15:21.293`)
* [CVE-2023-44351](CVE-2023/CVE-2023-443xx/CVE-2023-44351.json) (`2023-11-17T14:15:21.490`)
* [CVE-2023-44352](CVE-2023/CVE-2023-443xx/CVE-2023-44352.json) (`2023-11-17T14:15:21.693`)
* [CVE-2023-44353](CVE-2023/CVE-2023-443xx/CVE-2023-44353.json) (`2023-11-17T14:15:21.890`)
* [CVE-2023-44355](CVE-2023/CVE-2023-443xx/CVE-2023-44355.json) (`2023-11-17T14:15:22.083`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `61`
* [CVE-2023-39545](CVE-2023/CVE-2023-395xx/CVE-2023-39545.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-39546](CVE-2023/CVE-2023-395xx/CVE-2023-39546.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-39547](CVE-2023/CVE-2023-395xx/CVE-2023-39547.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-41101](CVE-2023/CVE-2023-411xx/CVE-2023-41101.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-41102](CVE-2023/CVE-2023-411xx/CVE-2023-41102.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-44325](CVE-2023/CVE-2023-443xx/CVE-2023-44325.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-44326](CVE-2023/CVE-2023-443xx/CVE-2023-44326.json) (`2023-11-17T13:58:59.840`)
* [CVE-2023-48078](CVE-2023/CVE-2023-480xx/CVE-2023-48078.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-45382](CVE-2023/CVE-2023-453xx/CVE-2023-45382.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-45387](CVE-2023/CVE-2023-453xx/CVE-2023-45387.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-48031](CVE-2023/CVE-2023-480xx/CVE-2023-48031.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-48648](CVE-2023/CVE-2023-486xx/CVE-2023-48648.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-48649](CVE-2023/CVE-2023-486xx/CVE-2023-48649.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-38130](CVE-2023/CVE-2023-381xx/CVE-2023-38130.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-42428](CVE-2023/CVE-2023-424xx/CVE-2023-42428.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-47283](CVE-2023/CVE-2023-472xx/CVE-2023-47283.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-47675](CVE-2023/CVE-2023-476xx/CVE-2023-47675.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-39548](CVE-2023/CVE-2023-395xx/CVE-2023-39548.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-47797](CVE-2023/CVE-2023-477xx/CVE-2023-47797.json) (`2023-11-17T13:59:04.600`)
* [CVE-2023-4775](CVE-2023/CVE-2023-47xx/CVE-2023-4775.json) (`2023-11-17T13:59:12.040`)
* [CVE-2023-47684](CVE-2023/CVE-2023-476xx/CVE-2023-47684.json) (`2023-11-17T14:12:47.883`)
* [CVE-2023-47363](CVE-2023/CVE-2023-473xx/CVE-2023-47363.json) (`2023-11-17T14:20:37.830`)
* [CVE-2023-47364](CVE-2023/CVE-2023-473xx/CVE-2023-47364.json) (`2023-11-17T14:22:55.423`)
* [CVE-2023-47365](CVE-2023/CVE-2023-473xx/CVE-2023-47365.json) (`2023-11-17T14:28:56.487`)
* [CVE-2023-47680](CVE-2023/CVE-2023-476xx/CVE-2023-47680.json) (`2023-11-17T14:50:40.710`)
## Download and Usage