From fe3abca775242b8572d8db6c8fbcebc9c9645b0d Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Fri, 17 Nov 2023 15:00:21 +0000
Subject: [PATCH] Auto-Update: 2023-11-17T15:00:17.971726+00:00
---
 CVE-2020/CVE-2020-114xx/CVE-2020-11447.json | 8 +-
 CVE-2020/CVE-2020-114xx/CVE-2020-11448.json | 8 +-
 CVE-2023/CVE-2023-222xx/CVE-2023-22268.json | 55 ++++++++++
 CVE-2023/CVE-2023-222xx/CVE-2023-22272.json | 55 ++++++++++
 CVE-2023/CVE-2023-222xx/CVE-2023-22273.json | 55 ++++++++++
 CVE-2023/CVE-2023-222xx/CVE-2023-22274.json | 55 ++++++++++
 CVE-2023/CVE-2023-222xx/CVE-2023-22275.json | 55 ++++++++++
 CVE-2023/CVE-2023-263xx/CVE-2023-26347.json | 55 ++++++++++
 CVE-2023/CVE-2023-263xx/CVE-2023-26364.json | 55 ++++++++++
 CVE-2023/CVE-2023-381xx/CVE-2023-38130.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38313.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38314.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38315.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38316.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38320.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38322.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38324.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38363.json | 77 +++++++++++++-
 CVE-2023/CVE-2023-395xx/CVE-2023-39544.json | 8 +-
 CVE-2023/CVE-2023-395xx/CVE-2023-39545.json | 8 +-
 CVE-2023/CVE-2023-395xx/CVE-2023-39546.json | 8 +-
 CVE-2023/CVE-2023-395xx/CVE-2023-39547.json | 8 +-
 CVE-2023/CVE-2023-395xx/CVE-2023-39548.json | 8 +-
 CVE-2023/CVE-2023-403xx/CVE-2023-40335.json | 47 ++++++++-
 CVE-2023/CVE-2023-411xx/CVE-2023-41101.json | 8 +-
 CVE-2023/CVE-2023-411xx/CVE-2023-41102.json | 8 +-
 CVE-2023/CVE-2023-412xx/CVE-2023-41239.json | 51 +++++++++-
 CVE-2023/CVE-2023-419xx/CVE-2023-41983.json | 8 +-
 CVE-2023/CVE-2023-424xx/CVE-2023-42428.json | 8 +-
 CVE-2023/CVE-2023-428xx/CVE-2023-42852.json | 8 +-
 CVE-2023/CVE-2023-443xx/CVE-2023-44324.json | 55 ++++++++++
 CVE-2023/CVE-2023-443xx/CVE-2023-44325.json | 8 +-
 CVE-2023/CVE-2023-443xx/CVE-2023-44326.json | 8 +-
 CVE-2023/CVE-2023-443xx/CVE-2023-44350.json | 55 ++++++++++
 CVE-2023/CVE-2023-443xx/CVE-2023-44351.json | 55 ++++++++++
 CVE-2023/CVE-2023-443xx/CVE-2023-44352.json | 55 ++++++++++
 CVE-2023/CVE-2023-443xx/CVE-2023-44353.json | 55 ++++++++++
 CVE-2023/CVE-2023-443xx/CVE-2023-44355.json | 55 ++++++++++
 CVE-2023/CVE-2023-453xx/CVE-2023-45382.json | 8 +-
 CVE-2023/CVE-2023-453xx/CVE-2023-45387.json | 8 +-
 CVE-2023/CVE-2023-460xx/CVE-2023-46092.json | 47 ++++++++-
 CVE-2023/CVE-2023-470xx/CVE-2023-47066.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47067.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47068.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47069.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47070.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47071.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47072.json | 8 +-
 CVE-2023/CVE-2023-470xx/CVE-2023-47073.json | 8 +-
 CVE-2023/CVE-2023-472xx/CVE-2023-47283.json | 8 +-
 CVE-2023/CVE-2023-473xx/CVE-2023-47363.json | 68 ++++++++++++-
 CVE-2023/CVE-2023-473xx/CVE-2023-47364.json | 68 ++++++++++++-
 CVE-2023/CVE-2023-473xx/CVE-2023-47365.json | 68 ++++++++++++-
 CVE-2023/CVE-2023-476xx/CVE-2023-47675.json | 8 +-
 CVE-2023/CVE-2023-476xx/CVE-2023-47680.json | 47 ++++++++-
 CVE-2023/CVE-2023-476xx/CVE-2023-47684.json | 47 ++++++++-
 CVE-2023/CVE-2023-477xx/CVE-2023-47757.json | 8 +-
 CVE-2023/CVE-2023-477xx/CVE-2023-47797.json | 8 +-
 CVE-2023/CVE-2023-47xx/CVE-2023-4775.json | 75 ++++++++++++--
 CVE-2023/CVE-2023-480xx/CVE-2023-48029.json | 24 +++++
 CVE-2023/CVE-2023-480xx/CVE-2023-48031.json | 8 +-
 CVE-2023/CVE-2023-480xx/CVE-2023-48078.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48648.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48649.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48655.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48656.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48657.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48658.json | 8 +-
 CVE-2023/CVE-2023-486xx/CVE-2023-48659.json | 8 +-
 CVE-2023/CVE-2023-54xx/CVE-2023-5444.json | 8 +-
 CVE-2023/CVE-2023-54xx/CVE-2023-5445.json | 8 +-
 CVE-2023/CVE-2023-57xx/CVE-2023-5741.json | 70 ++++++++++++-
 CVE-2023/CVE-2023-57xx/CVE-2023-5747.json | 107 +++++++++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5997.json | 10 +-
 CVE-2023/CVE-2023-61xx/CVE-2023-6112.json | 10 +-
 README.md | 59 ++++++++---
 76 files changed, 1810 insertions(+), 156 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-222xx/CVE-2023-22268.json
 create mode 100644 CVE-2023/CVE-2023-222xx/CVE-2023-22272.json
 create mode 100644 CVE-2023/CVE-2023-222xx/CVE-2023-22273.json
 create mode 100644 CVE-2023/CVE-2023-222xx/CVE-2023-22274.json
 create mode 100644 CVE-2023/CVE-2023-222xx/CVE-2023-22275.json
 create mode 100644 CVE-2023/CVE-2023-263xx/CVE-2023-26347.json
 create mode 100644 CVE-2023/CVE-2023-263xx/CVE-2023-26364.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44324.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44350.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44351.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44352.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44353.json
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44355.json
 create mode 100644 CVE-2023/CVE-2023-480xx/CVE-2023-48029.json
diff --git a/CVE-2020/CVE-2020-114xx/CVE-2020-11447.json b/CVE-2020/CVE-2020-114xx/CVE-2020-11447.json
index be44644caf0..b4f09277183 100644
--- a/CVE-2020/CVE-2020-114xx/CVE-2020-11447.json
+++ b/CVE-2020/CVE-2020-114xx/CVE-2020-11447.json
@@ -2,12 +2,16 @@
 "id": "CVE-2020-11447",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T12:15:06.967",
- "lastModified": "2023-11-17T12:15:06.967",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en los dispositivos Bell HomeHub 3000 SG48222070. Los usuarios autenticados remotamente pueden recuperar el n\u00famero de serie a trav\u00e9s de cgi/json-req; esto es una filtraci\u00f3n de informaci\u00f3n porque el n\u00famero de serie pretende demostrar el acceso f\u00edsico de un actor al dispositivo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2020/CVE-2020-114xx/CVE-2020-11448.json b/CVE-2020/CVE-2020-114xx/CVE-2020-11448.json
index 60805637a5f..47a54474874 100644
--- a/CVE-2020/CVE-2020-114xx/CVE-2020-11448.json
+++ b/CVE-2020/CVE-2020-114xx/CVE-2020-11448.json
@@ -2,12 +2,16 @@
 "id": "CVE-2020-11448",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T12:15:07.030",
- "lastModified": "2023-11-17T12:15:07.030",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en los dispositivos Bell HomeHub 3000 SG48222070. Hay XSS relacionado con el campo de correo electr\u00f3nico y la p\u00e1gina de inicio de sesi\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json
new file mode 100644
index 00000000000..bf1469c6c4c
--- /dev/null
+++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22268",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T13:15:07.693",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json
new file mode 100644
index 00000000000..59ccd57d9d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22272",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T13:15:07.897",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json
new file mode 100644
index 00000000000..b2c9c319bf6
--- /dev/null
+++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22273",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T13:15:08.097",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json
new file mode 100644
index 00000000000..3b644225b3e
--- /dev/null
+++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22274",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T13:15:08.277",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json
new file mode 100644
index 00000000000..5350a735fe6
--- /dev/null
+++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22275",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T13:15:08.467",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26347.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26347.json
new file mode 100644
index 00000000000..4125454f53f
--- /dev/null
+++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26347.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-26347",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:20.867",
+ "lastModified": "2023-11-17T14:15:20.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26364.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26364.json
new file mode 100644
index 00000000000..6cc719057d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26364.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-26364",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:21.083",
+ "lastModified": "2023-11-17T14:15:21.083",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38130.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38130.json
index da3a3af17aa..0898f0aa99e 100644
--- a/CVE-2023/CVE-2023-381xx/CVE-2023-38130.json
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38130.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38130",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-11-17T05:15:12.300",
- "lastModified": "2023-11-17T05:15:12.300",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:59:04.600",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CubeCart anterior a 6.5.3 permite que un atacante remoto no autenticado elimine datos en el sistema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38313.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38313.json
index fe46b62b4e8..0a798157036 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38313.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38313.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38313",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.427",
- "lastModified": "2023-11-17T06:15:33.427",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de 10.1.2. tiene una desreferencia de puntero NULL do_binauth que se puede activar con una solicitud GET HTTP manipulada con un par\u00e1metro de cadena de consulta de redireccionamiento de cliente faltante. Al desencadenar este problema, openNDS falla (una condici\u00f3n de denegaci\u00f3n de servicio). El problema ocurre cuando el cliente est\u00e1 a punto de ser autenticado y solo puede activarse cuando la opci\u00f3n BinAuth est\u00e1 configurada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38314.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38314.json
index 9f162d12e3e..fe8a9d6f7d0 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38314.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38314.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38314",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.530",
- "lastModified": "2023-11-17T06:15:33.530",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero NULL en preauthentiated() que se puede activar con una solicitud GET HTTP manipulada con un par\u00e1metro de cadena de consulta de redireccionamiento faltante. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38315.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38315.json
index 2682b644c2f..9d7779f1cc1 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38315.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38315.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38315",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.577",
- "lastModified": "2023-11-17T06:15:33.577",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero try_to_authenticate NULL que se puede activar con un GET HTTP manipulado con un par\u00e1metro de cadena de consulta de token de cliente faltante. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38316.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38316.json
index 40e66f8b3ee..29a5ea21f83 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38316.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38316.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38316",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.617",
- "lastModified": "2023-11-17T06:15:33.617",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Cuando la devoluci\u00f3n de llamada personalizada sin escape est\u00e1 habilitada, los atacantes pueden ejecutar comandos arbitrarios del sistema operativo insert\u00e1ndolos en la parte URL de las solicitudes HTTP GET."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38320.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38320.json
index d12d8fb4cde..c695b6986dc 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38320.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38320.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38320",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.667",
- "lastModified": "2023-11-17T06:15:33.667",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia del puntero NULL show_preauthpage que se puede activar con un GET HTTP manipulado al que le falta un encabezado User-Agent. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38322.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38322.json
index 5c6ef725c7d..6bfe5a505dc 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38322.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38322.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38322",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.720",
- "lastModified": "2023-11-17T06:15:33.720",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero NULL do_binauth que se activa con una solicitud GET HTTP manipulada a la que le falta un encabezado HTTP User-Agent. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio). El problema ocurre cuando el cliente est\u00e1 a punto de ser autenticado y solo puede activarse cuando la opci\u00f3n BinAuth est\u00e1 configurada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
index 8f781e0fcda..e31e6ff4f57 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38324",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:33.760",
- "lastModified": "2023-11-17T06:15:33.760",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Permite a los usuarios omitir la secuencia de la p\u00e1gina de presentaci\u00f3n cuando usan la clave FAS predeterminada y cuando OpenNDS est\u00e1 configurado como FAS (predeterminado)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json
index 666fe47e85a..84b6d65f1ae 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38363.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-38363",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2023-11-13T02:15:08.663",
- "lastModified": "2023-11-13T17:15:07.880",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-17T13:50:18.420",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
 {
 "source": "psirt@us.ibm.com",
 "type": "Secondary",
@@ -38,14 +58,63 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
+ "matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260818",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.ibm.com/support/pages/node/7067987",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39544.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39544.json
index 819568478cf..f20d6810267 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39544.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39544.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-39544",
 "sourceIdentifier": "psirt-info@cyber.jp.nec.com",
 "published": "2023-11-17T06:15:33.810",
- "lastModified": "2023-11-17T06:15:33.810",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39545.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39545.json
index 13ea650849f..a83b20670e4 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39545.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39545.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-39545",
 "sourceIdentifier": "psirt-info@cyber.jp.nec.com",
 "published": "2023-11-17T06:15:33.880",
- "lastModified": "2023-11-17T06:15:33.880",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39546.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39546.json
index 0f237ae6326..d62bdb38529 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39546.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39546.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-39546",
 "sourceIdentifier": "psirt-info@cyber.jp.nec.com",
 "published": "2023-11-17T06:15:33.947",
- "lastModified": "2023-11-17T06:15:33.947",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39547.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39547.json
index 44aa58aec42..b92fd3e70de 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39547.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39547.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-39547",
 "sourceIdentifier": "psirt-info@cyber.jp.nec.com",
 "published": "2023-11-17T06:15:34.017",
- "lastModified": "2023-11-17T06:15:34.017",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39548.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39548.json
index 325f964283a..7e6a72b7f22 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39548.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39548.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-39548",
 "sourceIdentifier": "psirt-info@cyber.jp.nec.com",
 "published": "2023-11-17T06:15:34.077",
- "lastModified": "2023-11-17T06:15:34.077",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:59:04.600",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json
index 1c1e595e90b..a281b6cf865 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40335.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40335",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T10:15:07.540",
- "lastModified": "2023-11-13T14:12:08.260",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-17T13:36:37.047",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cyberws:cleverwise_daily_quotes:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.2",
+ "matchCriteriaId": "111BA33D-AC43-4713-90E7-1C946C76FA39"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/cleverwise-daily-quotes/wordpress-cleverwise-daily-quotes-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41101.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41101.json
index fd7639fa6e8..4183ff02b8c 100644
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41101.json
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41101.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-41101",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:34.137",
- "lastModified": "2023-11-17T06:15:34.137",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en el portal cautivo en OpenNDS antes de la versi\u00f3n 10.1.3. get_query en http_microhttpd.c no valida la longitud de la cadena de consulta de las solicitudes GET. Esto provoca un desbordamiento del b\u00fafer basado en pila en las versiones 9.x y anteriores, y un desbordamiento del b\u00fafer basado en pila en las versiones 10.x y posteriores. Los atacantes pueden aprovechar el problema para bloquear OpenNDS (condici\u00f3n de denegaci\u00f3n de servicio) o para inyectar y ejecutar c\u00f3digo de bytes arbitrario (ejecuci\u00f3n remota de c\u00f3digo)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41102.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41102.json
index ae574596ea8..9d574642d75 100644
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41102.json
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41102.json
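Review bot: The added `es` description for CVE-2023-41101 uses `desbordamiento del b\u00fafer basado en pila` for both version ranges, while the English text in the same hunk distinguishes a stack-based overflow in 9.x and earlier from a heap-based overflow in 10.x and later. As written, the Spanish entry names the wrong memory region for the 10.x branch, which matters to anyone triaging from the translated text. The second occurrence should read `desbordamiento del b\u00fafer basado en mont\u00f3n en las versiones 10.x y posteriores`. Because this record arrives through an automated update, the correction presumably has to be made in the upstream translation rather than in this file.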
@@ -2,12 +2,16 @@
 "id": "CVE-2023-41102",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T06:15:34.180",
- "lastModified": "2023-11-17T06:15:34.180",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en el portal cautivo en OpenNDS antes de la versi\u00f3n 10.1.3. Tiene m\u00faltiples p\u00e9rdidas de memoria debido a que no libera la memoria asignada. Esto puede provocar una condici\u00f3n de denegaci\u00f3n de servicio debido al consumo de toda la memoria disponible."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41239.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41239.json
index 093bf7b0432..79e8eaa0188 100644
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41239.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41239.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-41239",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T03:15:09.347",
- "lastModified": "2023-11-13T03:16:20.870",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-17T13:19:04.120",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en el complemento Blubrry PowerPress Podcasting de Blubrry. Este problema afecta al complemento PowerPress Podcasting de Blubrry: desde n/a hasta 11.0.6."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "11.0.6",
+ "matchCriteriaId": "35409F83-CDC1-4B22-B9F4-744FD6943C53"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json
index aca7c8e257d..fef5b678bc1 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41983",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-10-25T19:15:10.110",
- "lastModified": "2023-11-15T21:15:07.880",
- "vulnStatus": "Modified",
+ "lastModified": "2023-11-17T13:15:08.653",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -173,6 +173,10 @@
 "Release Notes",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5557",
+ "source": "product-security@apple.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42428.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42428.json
index c91ba9e9e9b..ecd082cec18 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42428.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42428.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42428",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-11-17T05:15:12.477",
- "lastModified": "2023-11-17T05:15:12.477",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:59:04.600",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos eliminar directorios y archivos en el sistema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json
index 662c9d5f674..b7052884bca 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42852",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-10-25T19:15:10.843",
- "lastModified": "2023-11-15T21:15:07.957",
- "vulnStatus": "Modified",
+ "lastModified": "2023-11-17T13:15:08.837",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -217,6 +217,10 @@
 "Release Notes",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5557",
+ "source": "product-security@apple.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44324.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44324.json
new file mode 100644
index 00000000000..77d3b9f675b
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44324.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44324",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T13:15:08.927",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb23-58.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json
index ac79567e447..8d6c8c3c28e 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-44325",
 "sourceIdentifier": "psirt@adobe.com",
 "published": "2023-11-17T09:15:23.053",
- "lastModified": "2023-11-17T09:15:23.053",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 23.0.2 (y anteriores) de Adobe Animate se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44326.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44326.json
index af29ad6eaf1..992a07c502b 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44326.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44326.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-44326",
 "sourceIdentifier": "psirt@adobe.com",
 "published": "2023-11-17T09:15:23.407",
- "lastModified": "2023-11-17T09:15:23.407",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:59.840",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 3.4.9 (y anteriores) de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44350.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44350.json
new file mode 100644
index 00000000000..aee06dd1c15
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44350.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44350",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:21.293",
+ "lastModified": "2023-11-17T14:15:21.293",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44351.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44351.json
new file mode 100644
index 00000000000..4c407e0e097
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44351.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44351",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:21.490",
+ "lastModified": "2023-11-17T14:15:21.490",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44352.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44352.json
new file mode 100644
index 00000000000..c09123b0303
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44352.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44352",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:21.693",
+ "lastModified": "2023-11-17T14:15:21.693",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44353.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44353.json
new file mode 100644
index 00000000000..ba2abf8bc53
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44353.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44353",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:21.890",
+ "lastModified": "2023-11-17T14:15:21.890",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44355.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44355.json
new file mode 100644
index 00000000000..f853c680fec
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44355.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44355",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2023-11-17T14:15:22.083",
+ "lastModified": "2023-11-17T14:15:22.083",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45382.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45382.json
index a825c79aef2..01863c44521 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45382.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45382.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-45382",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T02:15:26.387",
- "lastModified": "2023-11-17T02:15:26.387",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:59:04.600",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In the module \"SoNice Retour\" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system."
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"SoNice Retour\" (sonice_retour) hasta la versi\u00f3n 2.1.0 de Common-Services para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones realizando un ataque de Path Traversal. Debido a la falta de control de permisos y a la falta de control en la construcci\u00f3n del nombre de la ruta, un invitado puede realizar un Path Traversal para ver todos los archivos en el sistema de informaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45387.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45387.json
index eb02e9ec0a1..10c21a1d090 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45387.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45387.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-45387",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T02:15:26.460",
- "lastModified": "2023-11-17T02:15:26.460",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:59:04.600",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In the module \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`"
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportproducts) en versiones hasta 5.0.0 de MyPrestaModules para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `exportProduct::_addDataToDb().`"
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json
index 8d8b997cd22..700b9e267f9 100644
--- a/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46092.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46092",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T10:15:07.747",
- "lastModified": "2023-11-13T14:12:08.260",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-17T13:31:28.330",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lionscripts:webmaster_tools:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0",
+ "matchCriteriaId": "4F01BD8B-1C9C-46E2-B36C-8BB2AE52C0AD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json
index d99376d282d..8c8e363fdad 100644
--- a/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json
+++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47066",
 "sourceIdentifier": "psirt@adobe.com",
 "published": "2023-11-17T11:15:07.293",
- "lastModified": "2023-11-17T11:15:07.293",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-17T13:58:53.593",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ },
+ {
+ "lang": "es",
+ "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json
index 72f824858f8..18fb35012b1 100644
--- a/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json
+++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-47067", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:07.793", - "lastModified": "2023-11-17T11:15:07.793", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json index 7ce5344fb3c..3e5d5d8d9fc 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47068", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:07.997", - "lastModified": "2023-11-17T11:15:07.997", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json index 22faab19acd..354e4fd3a03 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47069", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.200", - "lastModified": "2023-11-17T11:15:08.200", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar como resultado una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json index 8352b8fb7fe..56ad47a1dd5 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47070", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.457", - "lastModified": "2023-11-17T11:15:08.457", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json index 560125d1eb8..40d73e087e0 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47071", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.660", - "lastModified": "2023-11-17T11:15:08.660", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json index 031f796acb4..aedf1348d3b 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47072", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.867", - "lastModified": "2023-11-17T11:15:08.867", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de acceso a puntero no inicializado que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json index eacb0274732..a6fb724d720 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47073", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:09.060", - "lastModified": "2023-11-17T11:15:09.060", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe After Effects versi\u00f3n 24.0.2 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47283.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47283.json index 14699956d2b..82484fd2620 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47283.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47283.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47283", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-11-17T05:15:12.530", - "lastModified": "2023-11-17T05:15:12.530", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos obtener archivos en el sistema." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47363.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47363.json index 94307f512d0..962d49c1ca1 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47363.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47363.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47363", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-09T14:15:07.907", - "lastModified": "2023-11-09T17:13:32.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T14:20:37.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims." + }, + { + "lang": "es", + "value": "La fuga del token de acceso al canal en la l\u00ednea 13.6.1 de los miembros de FBP permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f.b.p._members_project:f.b.p._members:13.6.1:*:*:*:*:line:*:*", + "matchCriteriaId": "370A2DC9-F1B4-4397-924E-6256BF139107" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/syz913/CVE-reports/blob/main/F.B.P%20members.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
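Review bot: The added `weaknesses` entry classifies a channel access token leak as `CWE-326` (Inadequate Encryption Strength), which does not obviously match the description in this record; the same value is added in the CVE-2023-47364 and CVE-2023-47365 hunks. Anyone triaging or filtering by CWE should treat it as provisional, since a credential-exposure class looks closer, though that needs confirming against the referenced report. The added Spanish description also translates the product name, so a search on the product will miss the record; I would keep the name verbatim, as the CVE-2023-47365 record does: `"value": "La fuga del token de acceso al canal en F.B.P members Line 13.6.1 permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas."`. The CVE-2023-47364 translation (`la l\u00ednea 13.6.1 del taxi de Nagaoka`) has the same problem.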
diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47364.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47364.json index 185a6aee102..a67ef20e98a 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47364.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47364.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47364", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-09T14:15:07.970", - "lastModified": "2023-11-09T17:13:32.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T14:22:55.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims" + }, + { + "lang": "es", + "value": "La fuga del token de acceso al canal en la l\u00ednea 13.6.1 del taxi de Nagaoka permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nagaoka_taxi_project:nagaoka_taxi:13.6.1:*:*:*:*:line:*:*", + "matchCriteriaId": "716A6D4A-2082-4151-A8C8-C89B54E63815" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/syz913/CVE-reports/blob/main/nagaoka%20taxi.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47365.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47365.json index f5627a6fde0..cfdeedfc73f 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47365.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47365.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47365", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-09T14:15:08.013", - "lastModified": "2023-11-09T17:13:29.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T14:28:56.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims." + }, + { + "lang": "es", + "value": "La fuga del token de acceso al canal en Lil.OFF-PRICE STORE Line 13.6.1 permite a atacantes remotos enviar notificaciones maliciosas a las v\u00edctimas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reisinnova:lil.off-price_store:13.6.1:*:*:*:*:line:*:*", + "matchCriteriaId": "34B95965-5B0C-4C45-964C-BF31C161B806" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/syz913/CVE-reports/blob/main/Lil.OFF-PRICE%20STORE.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47675.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47675.json index 6b3b81d25e4..3273b14df38 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47675.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47675.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47675", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-11-17T05:15:12.580", - "lastModified": "2023-11-17T05:15:12.580", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command." + }, + { + "lang": "es", + "value": "CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos ejecutar un comando arbitrario del sistema operativo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json index f3193a41b2b..2977056a640 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47680", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-14T00:15:08.337", - "lastModified": "2023-11-14T15:15:54.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T14:50:40.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.3", + "matchCriteriaId": "327C93BB-1054-4FF3-B621-25DDE02F2D80" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/qi-addons-for-elementor/wordpress-qi-addons-for-elementor-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json index 6fa4ecf2844..e4dcc531a64 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47684", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-14T00:15:08.530", - "lastModified": "2023-11-14T15:15:54.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T14:12:47.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themepunch:essential_grid:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "E4E111DE-2358-46E4-B4C6-2DD26F33B2C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/essential-grid/wordpress-essential-grid-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47757.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47757.json index f2ca23c7106..4bb47ab907e 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47757.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47757.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47757", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-17T09:15:23.590", - "lastModified": "2023-11-17T09:15:23.590", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.\n\n" + }, + { + "lang": "es", + "value": "Autorizaci\u00f3n faltante, vulnerabilidad de Cross-Site Request Forgery (CSRF) en AWeber AWeber: Formulario de registro gratuito y complemento de creaci\u00f3n de p\u00e1ginas de destino para la generaci\u00f3n de clientes potenciales y el crecimiento de boletines informativos por correo electr\u00f3nico permite acceder a funciones no restringidas adecuadamente por ACL y Cross-Site Request Forgery. Este problema afecta AWeber: formulario de registro gratuito y complemento de creaci\u00f3n de p\u00e1ginas de destino para la generaci\u00f3n de clientes potenciales y el crecimiento de boletines informativos por correo electr\u00f3nico: desde n/a hasta 7.3.9." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47797.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47797.json index 04416c35392..da15d6ad80e 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47797.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47797.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47797", "sourceIdentifier": "security@liferay.com", "published": "2023-11-17T06:15:34.230", - "lastModified": "2023-11-17T06:15:34.230", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Reflected cross-site scripting (XSS) vulnerability on a content page\u2019s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en la p\u00e1gina de edici\u00f3n de una p\u00e1gina de contenido en Liferay Portal v7.4.3.94 hasta v7.4.3.95 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro `p_l_back_url_title`." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json index 615402f4c06..10d6c4b9ed6 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4775.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4775", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-13T08:15:25.790", - "lastModified": "2023-11-13T14:12:08.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T13:59:12.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,22 +58,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tinywebgallery:advanced_iframe:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2023.8", + "matchCriteriaId": "3FB2A371-1205-4C24-9197-7FB2C426D252" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/advanced-iframe/trunk/includes/advanced-iframe-main-iframe.php?rev=2961394#L419", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/advanced-iframe/trunk/includes/advanced-iframe-main-iframe.php?rev=2961394#L552", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2993602/advanced-iframe", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9944443-2e71-45c4-8a19-d76863cf66df?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48029.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48029.json new file mode 100644 index 00000000000..c63729d924f --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48029.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48029", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-17T13:15:09.143", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5", + "source": "cve@mitre.org" + }, + { + "url": "https://nitipoom-jar.github.io/CVE-2023-48029/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48031.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48031.json index b6ab6e6bb0e..2b3c892abe7 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48031.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48031.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48031", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T02:15:26.510", - "lastModified": "2023-11-17T02:15:26.510", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation." + }, + { + "lang": "es", + "value": "OpenSupports v4.11.0 es vulnerable a la carga sin restricciones de archivos con tipos peligrosos. En la funci\u00f3n de comentario, un atacante puede eludir las restricciones de seguridad y cargar un archivo .bat manipulando los bytes m\u00e1gicos del archivo para que se haga pasar por un tipo permitido. Esto puede permitir al atacante ejecutar c\u00f3digo arbitrario o establecer un shell inverso, lo que lleva a escrituras de archivos no autorizadas o control sobre la estaci\u00f3n de la v\u00edctima a trav\u00e9s de una operaci\u00f3n de carga de archivos manipulada." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48078.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48078.json index 398bf8ea0ee..f3df924328f 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48078.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48078.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48078", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T00:15:08.237", - "lastModified": "2023-11-17T00:15:08.237", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en add.php en Simple CRUD Functionality v1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro 'title'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48648.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48648.json index 77d000ad9e9..45d69ca4199 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48648.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48648.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48648", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T04:15:07.093", - "lastModified": "2023-11-17T04:15:07.093", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified." + }, + { + "lang": "es", + "value": "Concrete CMS anterior a 8.5.13 y 9.x anterior a 9.2.2 permite el acceso no autorizado porque se pueden crear directorios con permisos inseguros. Las funciones de creaci\u00f3n de archivos (como la funci\u00f3n Mkdir()) brindan acceso universal (0777) a las carpetas creadas de forma predeterminada. Se pueden otorgar permisos excesivos al crear un directorio con permisos superiores a 0755 o cuando no se especifica el argumento de permisos." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48649.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48649.json index 88faeb17d63..dd262e6b685 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48649.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48649.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48649", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T04:15:07.160", - "lastModified": "2023-11-17T04:15:07.160", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:59:04.600", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name." + }, + { + "lang": "es", + "value": "Concrete CMS anterior a 8.5.13 y 9.x anterior a 9.2.2 permite almacenar XSS en la p\u00e1gina de Administraci\u00f3n a trav\u00e9s de un nombre de archivo cargado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json index d0f752d59d9..ff4f185a1e7 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48655", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.640", - "lastModified": "2023-11-17T05:15:12.640", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:59.840", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los par\u00e1metros de consulta." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json index a952cd61faf..eb091ac1bd5 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48656", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.690", - "lastModified": "2023-11-17T05:15:12.690", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:59.840", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal las cl\u00e1usulas de pedido." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json index a0ff27e02d6..4509642674a 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48657", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.740", - "lastModified": "2023-11-17T05:15:12.740", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:59.840", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal los filtros." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json index ac8840cced3..7ec349c96d4 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48658", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.793", - "lastModified": "2023-11-17T05:15:12.793", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:59.840", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php carece de una funci\u00f3n checkParam para caracteres alfanum\u00e9ricos, guiones bajos, guiones, puntos y espacios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json index a5ec30dc104..c0f9c44e5df 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48659", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.847", - "lastModified": "2023-11-17T05:15:12.847", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:59.840", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/AppController.php maneja mal el an\u00e1lisis de par\u00e1metros." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5444.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5444.json index 601e91f3eb3..38f154be7c7 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5444.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5444.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5444", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-11-17T10:15:07.723", - "lastModified": "2023-11-17T10:15:07.723", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nA Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross Site Request Forgery en ePolicy Orchestrator anterior a 5.10.0 CP1 Actualizaci\u00f3n 2 permite a un usuario remoto con privilegios bajos agregar con \u00e9xito un nuevo usuario con privilegios de administrador al servidor de ePO. Esto afecta el \u00e1rea del tablero de la interfaz de usuario. Para aprovechar esto, el atacante debe cambiar el payload HTTP posterior al env\u00edo, antes de que llegue al servidor de ePO." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5445.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5445.json index d09ed8588b1..ad81d23bb97 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5445.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5445.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5445", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-11-17T10:15:08.167", - "lastModified": "2023-11-17T10:15:08.167", - "vulnStatus": "Received", + "lastModified": "2023-11-17T13:58:53.593", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nAn open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de redireccionamiento abierto en ePolicy Orchestrator anterior a 5.10.0 CP1 Actualizaci\u00f3n 2 permite a un usuario remoto con pocos privilegios modificar el par\u00e1metro de URL con el fin de redirigir solicitudes de URL a un sitio malicioso. Esto afecta el \u00e1rea del tablero de la interfaz de usuario. Un usuario deber\u00eda iniciar sesi\u00f3n en ePO para activar esta vulnerabilidad. Para aprovechar esto, el atacante debe cambiar el payload HTTP posterior al env\u00edo, antes de que llegue al servidor de ePO." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json index 26f001fc5bc..f001b6f4fd0 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5741.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5741", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-13T08:15:26.317", - "lastModified": "2023-11-13T14:12:08.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T13:57:53.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:powr:powr:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.0", + "matchCriteriaId": "7B600778-5200-4148-85EE-4AAF1864CE8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/powr-pack/trunk/src/pack.php?rev=2821707#L198", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/powr-pack/trunk/src/pack.php?rev=2821707#L201", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2967eae-82bb-4556-a21a-c5bb6b905c62?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json index 4a716f98a52..dce0268d316 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json 
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5747.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5747", "sourceIdentifier": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "published": "2023-11-13T08:15:26.530", - "lastModified": "2023-11-13T14:12:08.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-17T13:51:04.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + }, { "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", "type": "Secondary", 
@@ -54,10 +84,81 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1.1.37647", + "matchCriteriaId": "083DB67F-A636-4CC4-A731-8979EAA28E56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hanwhavision:pno-a6081r-e1t_firmware:2.21.02:*:*:*:*:*:*:*", + "matchCriteriaId": "90E127EA-B3E5-45CF-8087-EFBC66708548" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hanwhavision:pno-a6081r-e1t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D4A33CA-1CAA-4BC2-8B6A-E5AFDA5E19B5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hanwhavision:wave_server_software:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1.1.37647", + "matchCriteriaId": "083DB67F-A636-4CC4-A731-8979EAA28E56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hanwhavision:pno-a6081r-e2t_firmware:2.21.02:*:*:*:*:*:*:*", + "matchCriteriaId": "F3371638-F23E-4FA3-B0A4-44EF3426A056" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hanwhavision:pno-a6081r-e2t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0561EB6-5030-4BED-A531-236A2BB8AB43" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf", - "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882" + "source": "fc9afe74-3f80-4fb7-a313-e6f036a89882", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json index 8c30ce40b4b..c97bcb7a00b 100644 
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5997", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-15T18:15:06.873", - "lastModified": "2023-11-16T01:43:41.077", + "lastModified": "2023-11-17T13:15:09.187", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Use after free en Garbage Collection en Google Chrome anterior a 119.0.6045.159 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del heap a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], "metrics": {}, @@ -19,6 +23,10 @@ { "url": "https://crbug.com/1497997", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5556", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json index 8dfee8314ad..94e2c8d3f20 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6112", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-11-15T18:15:06.933", - "lastModified": "2023-11-16T01:43:41.077", + "lastModified": "2023-11-17T13:15:09.230", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Use after free en Navegaci\u00f3n en Google Chrome anterior a 119.0.6045.159 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del heap a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], "metrics": {}, @@ -19,6 +23,10 @@ { "url": "https://crbug.com/1499298", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5556", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/README.md b/README.md index c0806475ddb..29d9fb5a40f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-17T13:00:17.764570+00:00 +2023-11-17T15:00:17.971726+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-17T12:15:07.030000+00:00 +2023-11-17T14:50:40.710000+00:00 ``` ### Last Data Feed Release 
@@ -29,29 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231048 +231062 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `14` -* [CVE-2020-11447](CVE-2020/CVE-2020-114xx/CVE-2020-11447.json) (`2023-11-17T12:15:06.967`) -* [CVE-2020-11448](CVE-2020/CVE-2020-114xx/CVE-2020-11448.json) (`2023-11-17T12:15:07.030`) -* [CVE-2023-47066](CVE-2023/CVE-2023-470xx/CVE-2023-47066.json) (`2023-11-17T11:15:07.293`) -* [CVE-2023-47067](CVE-2023/CVE-2023-470xx/CVE-2023-47067.json) (`2023-11-17T11:15:07.793`) -* [CVE-2023-47068](CVE-2023/CVE-2023-470xx/CVE-2023-47068.json) (`2023-11-17T11:15:07.997`) -* [CVE-2023-47069](CVE-2023/CVE-2023-470xx/CVE-2023-47069.json) (`2023-11-17T11:15:08.200`) -* [CVE-2023-47070](CVE-2023/CVE-2023-470xx/CVE-2023-47070.json) (`2023-11-17T11:15:08.457`) -* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-11-17T11:15:08.660`) -* [CVE-2023-47072](CVE-2023/CVE-2023-470xx/CVE-2023-47072.json) (`2023-11-17T11:15:08.867`) -* [CVE-2023-47073](CVE-2023/CVE-2023-470xx/CVE-2023-47073.json) (`2023-11-17T11:15:09.060`) +* [CVE-2023-22268](CVE-2023/CVE-2023-222xx/CVE-2023-22268.json) (`2023-11-17T13:15:07.693`) +* [CVE-2023-22272](CVE-2023/CVE-2023-222xx/CVE-2023-22272.json) (`2023-11-17T13:15:07.897`) +* [CVE-2023-22273](CVE-2023/CVE-2023-222xx/CVE-2023-22273.json) (`2023-11-17T13:15:08.097`) +* [CVE-2023-22274](CVE-2023/CVE-2023-222xx/CVE-2023-22274.json) (`2023-11-17T13:15:08.277`) +* [CVE-2023-22275](CVE-2023/CVE-2023-222xx/CVE-2023-22275.json) (`2023-11-17T13:15:08.467`) +* [CVE-2023-44324](CVE-2023/CVE-2023-443xx/CVE-2023-44324.json) (`2023-11-17T13:15:08.927`) +* [CVE-2023-48029](CVE-2023/CVE-2023-480xx/CVE-2023-48029.json) (`2023-11-17T13:15:09.143`) +* [CVE-2023-26347](CVE-2023/CVE-2023-263xx/CVE-2023-26347.json) (`2023-11-17T14:15:20.867`) +* [CVE-2023-26364](CVE-2023/CVE-2023-263xx/CVE-2023-26364.json) 
(`2023-11-17T14:15:21.083`) +* [CVE-2023-44350](CVE-2023/CVE-2023-443xx/CVE-2023-44350.json) (`2023-11-17T14:15:21.293`) +* [CVE-2023-44351](CVE-2023/CVE-2023-443xx/CVE-2023-44351.json) (`2023-11-17T14:15:21.490`) +* [CVE-2023-44352](CVE-2023/CVE-2023-443xx/CVE-2023-44352.json) (`2023-11-17T14:15:21.693`) +* [CVE-2023-44353](CVE-2023/CVE-2023-443xx/CVE-2023-44353.json) (`2023-11-17T14:15:21.890`) +* [CVE-2023-44355](CVE-2023/CVE-2023-443xx/CVE-2023-44355.json) (`2023-11-17T14:15:22.083`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `61` +* [CVE-2023-39545](CVE-2023/CVE-2023-395xx/CVE-2023-39545.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-39546](CVE-2023/CVE-2023-395xx/CVE-2023-39546.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-39547](CVE-2023/CVE-2023-395xx/CVE-2023-39547.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-41101](CVE-2023/CVE-2023-411xx/CVE-2023-41101.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-41102](CVE-2023/CVE-2023-411xx/CVE-2023-41102.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-44325](CVE-2023/CVE-2023-443xx/CVE-2023-44325.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-44326](CVE-2023/CVE-2023-443xx/CVE-2023-44326.json) (`2023-11-17T13:58:59.840`) +* [CVE-2023-48078](CVE-2023/CVE-2023-480xx/CVE-2023-48078.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-45382](CVE-2023/CVE-2023-453xx/CVE-2023-45382.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-45387](CVE-2023/CVE-2023-453xx/CVE-2023-45387.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-48031](CVE-2023/CVE-2023-480xx/CVE-2023-48031.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-48648](CVE-2023/CVE-2023-486xx/CVE-2023-48648.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-48649](CVE-2023/CVE-2023-486xx/CVE-2023-48649.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-38130](CVE-2023/CVE-2023-381xx/CVE-2023-38130.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-42428](CVE-2023/CVE-2023-424xx/CVE-2023-42428.json) (`2023-11-17T13:59:04.600`) +* 
[CVE-2023-47283](CVE-2023/CVE-2023-472xx/CVE-2023-47283.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-47675](CVE-2023/CVE-2023-476xx/CVE-2023-47675.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-39548](CVE-2023/CVE-2023-395xx/CVE-2023-39548.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-47797](CVE-2023/CVE-2023-477xx/CVE-2023-47797.json) (`2023-11-17T13:59:04.600`) +* [CVE-2023-4775](CVE-2023/CVE-2023-47xx/CVE-2023-4775.json) (`2023-11-17T13:59:12.040`) +* [CVE-2023-47684](CVE-2023/CVE-2023-476xx/CVE-2023-47684.json) (`2023-11-17T14:12:47.883`) +* [CVE-2023-47363](CVE-2023/CVE-2023-473xx/CVE-2023-47363.json) (`2023-11-17T14:20:37.830`) +* [CVE-2023-47364](CVE-2023/CVE-2023-473xx/CVE-2023-47364.json) (`2023-11-17T14:22:55.423`) +* [CVE-2023-47365](CVE-2023/CVE-2023-473xx/CVE-2023-47365.json) (`2023-11-17T14:28:56.487`) +* [CVE-2023-47680](CVE-2023/CVE-2023-476xx/CVE-2023-47680.json) (`2023-11-17T14:50:40.710`) ## Download and Usage