From 4ce4757445267d73d8b1b568e78a2de7ea4b1568 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 4 Jan 2024 21:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-04T21:00:25.943994+00:00 --- CVE-2023/CVE-2023-274xx/CVE-2023-27447.json | 47 +++++++- CVE-2023/CVE-2023-325xx/CVE-2023-32513.json | 49 +++++++- CVE-2023/CVE-2023-327xx/CVE-2023-32795.json | 47 +++++++- CVE-2023/CVE-2023-339xx/CVE-2023-33952.json | 6 +- CVE-2023/CVE-2023-363xx/CVE-2023-36381.json | 47 +++++++- CVE-2023/CVE-2023-407xx/CVE-2023-40791.json | 16 +-- CVE-2023/CVE-2023-452xx/CVE-2023-45286.json | 8 +- CVE-2023/CVE-2023-457xx/CVE-2023-45701.json | 81 ++++++++++++- CVE-2023/CVE-2023-457xx/CVE-2023-45702.json | 79 ++++++++++++- CVE-2023/CVE-2023-46xx/CVE-2023-4671.json | 46 +++++++- CVE-2023/CVE-2023-46xx/CVE-2023-4672.json | 36 +++++- CVE-2023/CVE-2023-471xx/CVE-2023-47118.json | 91 ++++++++++++++- CVE-2023/CVE-2023-500xx/CVE-2023-50038.json | 68 ++++++++++- CVE-2023/CVE-2023-502xx/CVE-2023-50267.json | 63 +++++++++- CVE-2023/CVE-2023-506xx/CVE-2023-50692.json | 64 ++++++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50836.json | 47 +++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50848.json | 47 +++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50851.json | 47 +++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50856.json | 47 +++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50857.json | 61 +++++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50859.json | 57 +++++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50860.json | 47 +++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50873.json | 47 +++++++- CVE-2023/CVE-2023-508xx/CVE-2023-50874.json | 47 +++++++- CVE-2023/CVE-2023-511xx/CVE-2023-51154.json | 20 ++++ CVE-2023/CVE-2023-513xx/CVE-2023-51386.json | 56 ++++++++- CVE-2023/CVE-2023-515xx/CVE-2023-51501.json | 53 ++++++++- CVE-2023/CVE-2023-517xx/CVE-2023-51767.json | 120 ++++++++++++++++++-- CVE-2023/CVE-2023-518xx/CVE-2023-51812.json | 20 ++++ CVE-2023/CVE-2023-520xx/CVE-2023-52079.json | 68 ++++++++++- CVE-2023/CVE-2023-520xx/CVE-2023-52082.json | 57 +++++++++- CVE-2023/CVE-2023-54xx/CVE-2023-5442.json | 15 +++ 
CVE-2023/CVE-2023-56xx/CVE-2023-5619.json | 15 +++ CVE-2023/CVE-2023-69xx/CVE-2023-6918.json | 21 ++-- CVE-2023/CVE-2023-70xx/CVE-2023-7008.json | 92 ++++++++++++++- CVE-2023/CVE-2023-70xx/CVE-2023-7098.json | 63 +++++++++- CVE-2023/CVE-2023-71xx/CVE-2023-7129.json | 61 +++++++++- CVE-2023/CVE-2023-71xx/CVE-2023-7163.json | 61 +++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21636.json | 63 ++++++++++ README.md | 68 +++++------ 40 files changed, 1882 insertions(+), 166 deletions(-) create mode 100644 CVE-2023/CVE-2023-511xx/CVE-2023-51154.json create mode 100644 CVE-2023/CVE-2023-518xx/CVE-2023-51812.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5442.json create mode 100644 CVE-2023/CVE-2023-56xx/CVE-2023-5619.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21636.json diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27447.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27447.json index 283d1a7d4af..add0849b040 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27447.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27447.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27447", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:07.973", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:32:40.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.0.4", + "matchCriteriaId": "35B32467-0333-4A3A-BB59-CAF7C594A06D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-0-4-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32513.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32513.json index 52f3cda6354..95816a0acdb 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32513.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32513.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32513", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:08.590", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:32:31.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "Vulnerabilidad de deserializaci\u00f3n de de datos no confiables enGiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform. Este problema afecta a GiveWP \u2013 Donation Plugin and Fundraising Platform: desde n/a hasta 2.25.3." + "value": "Vulnerabilidad de deserializaci\u00f3n de de datos no confiables en GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform. Este problema afecta a GiveWP \u2013 Donation Plugin and Fundraising Platform: desde n/a hasta 2.25.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.25.3", + "matchCriteriaId": "9A521DF8-BFEC-4E16-B531-C127E8E2978D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/give/wordpress-give-donation-plugin-plugin-2-25-3-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32795.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32795.json index 2343278b370..d522f7e24d1 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32795.json 
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32795.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32795", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:08.833", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:23:26.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:product_addons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.1.3", + "matchCriteriaId": "C4A56CCE-859D-4EE5-8817-F3954ECFC5F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33952.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33952.json index 1293dbeeecf..4861a8ca0e0 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33952.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33952.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-33952", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:11.893", - "lastModified": "2023-12-28T14:39:16.187", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-04T20:15:24.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel." + "value": "A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36381.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36381.json index 1c8acdc23ce..526bfb07204 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36381.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36381.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36381", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:09.067", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:22:53.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gesundheit-bewegt:zippy:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.5", + "matchCriteriaId": "DF44C6C7-813D-4D66-A886-9443AF5A9085" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-3-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json index f7016358678..cbfe803d4ef 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40791", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-16T03:15:09.273", - "lastModified": "2023-12-28T16:13:37.483", + "lastModified": "2024-01-04T19:08:57.303", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL" + "baseScore": 6.3, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 1.0, "impactScore": 5.2 } ] diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json index 6a139f0e4e4..82ab62f0db7 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45286.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45286", "sourceIdentifier": "security@golang.org", "published": "2023-11-28T17:15:08.280", - "lastModified": "2023-12-05T21:06:03.273", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-04T19:15:08.737", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e", + "source": "security@golang.org" + }, { "url": "https://github.com/go-resty/resty/issues/739", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45701.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45701.json index e3bca26ec2c..d3c773f01f2 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45701.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45701.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-45701", "sourceIdentifier": "psirt@hcl.com", "published": "2023-12-28T07:15:07.697", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:25:30.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@hcl.com", "type": "Secondary", 
@@ -38,10 +58,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0.0", + "versionEndIncluding": "7.0.5.18", + "matchCriteriaId": "CFDE380B-3BE7-44C0-9444-27A190988235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.1.0.0", + "versionEndIncluding": "7.1.2.14", + "matchCriteriaId": "266AA98B-117B-4595-BEC5-6F6D8AAEB766" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0.0", + "versionEndIncluding": "7.2.3.7", + "matchCriteriaId": "13DB3712-458B-46C4-BCEF-D3F479F0E353" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3.0.0", + "versionEndIncluding": "7.3.2.2", + "matchCriteriaId": "7607DCB2-257F-4908-8E86-3A820F857314" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108645", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45702.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45702.json index b9f7f1aaffe..3ed2379a136 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45702.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45702", "sourceIdentifier": "psirt@hcl.com", "published": "2023-12-28T08:15:35.710", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:14:34.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -38,10 +58,63 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0.0", + "versionEndIncluding": "7.2.3.7", + "matchCriteriaId": "13DB3712-458B-46C4-BCEF-D3F479F0E353" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3.0.0", + "versionEndIncluding": "7.3.2.2", + "matchCriteriaId": "7607DCB2-257F-4908-8E86-3A820F857314" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108646", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4671.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4671.json index 0ca2726ad69..751fb814faa 100644 
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4671.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4671.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4671", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-12-28T10:15:08.043", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:11:33.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "iletisim@usom.gov.tr", "type": "Secondary", @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:talentyazilim:ecop:32255:*:*:*:*:*:*:*", + "matchCriteriaId": "18D6BFC2-47CC-491A-A319-88CBBCC5FF7B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0737", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4672.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4672.json index 353a40adf29..6694c4d5daa 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4672.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4672.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4672", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2023-12-28T10:15:08.423", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:09:31.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -39,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "iletisim@usom.gov.tr", "type": "Secondary", @@ -50,10 +60,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:talentyazilim:ecop:32255:*:*:*:*:*:*:*", + "matchCriteriaId": "18D6BFC2-47CC-491A-A319-88CBBCC5FF7B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0737", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json index f0206d4ffea..9ff1e57d7ba 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47118.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47118", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-20T17:15:08.623", - "lastModified": "2023-12-20T19:52:41.030", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:12:19.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.\n" + }, + { + "lang": "es", + "value": "ClickHouse\u00ae es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Se descubri\u00f3 un problema de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el servidor ClickHouse. Un atacante podr\u00eda enviar un payload especialmente manipulado a la interfaz nativa expuesta de forma predeterminada en el puerto 9000/tcp, lo que desencadenar\u00eda un error en la l\u00f3gica de descompresi\u00f3n del c\u00f3dec T64 que bloquear\u00eda el proceso del servidor ClickHouse. Este ataque no requiere autenticaci\u00f3n. Tenga en cuenta que esta explotaci\u00f3n tambi\u00e9n se puede activar a trav\u00e9s del protocolo HTTP; sin embargo, el atacante necesitar\u00e1 unas credenciales v\u00e1lidas ya que la autenticaci\u00f3n HTTP se realiza primero. 
Este problema se solucion\u00f3 en la versi\u00f3n 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts y 23.3.16.7-lts." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:lts:*:*:*", + "versionStartIncluding": "23.3", + "versionEndExcluding": "23.3.16.7", + "matchCriteriaId": "9F6DA246-2CAE-4275-9B8F-BB2B62552CB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:lts:*:*:*", + "versionStartIncluding": "23.8", + "versionEndExcluding": "23.8.6.16", + "matchCriteriaId": "119AE2ED-89C2-4BAD-815E-E99C43100931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.9", + "versionEndExcluding": "23.9.4.11", + "matchCriteriaId": "FED37B9B-2283-4183-AFD5-0DFAE3977952" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.10", + "versionEndExcluding": "23.10.2.13", + "matchCriteriaId": "6A5FD4A2-291E-432A-8597-1FFD90B6340D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.9.2.47475", + "matchCriteriaId": "CFB5BAAB-45AC-456E-B617-43F0F9A22CAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50038.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50038.json index 8af78b15004..57767503b7f 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50038.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50038.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50038", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T07:15:08.790", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:18:57.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,73 @@ "value": "Existe una vulnerabilidad de carga de archivos arbitraria en el background de textpattern cms v4.8.8, lo que provoca la p\u00e9rdida de permisos del servidor." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:textpattern:textpattern:4.8.8:-:*:*:*:*:*:*", + "matchCriteriaId": "B45DA227-247A-48F3-BA4A-60DAAA505410" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/LeopoldSkell/7e18bf09005c327a045abbfe39b1e676", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.cnblogs.com/fengzun/articles/17862578.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50267.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50267.json index 3c488a241d1..bd2e5ce6740 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50267.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50267.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50267", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-28T16:16:01.650", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:18:35.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds." + }, + { + "lang": "es", + "value": "MeterSphere es una plataforma integral de pruebas continuas de c\u00f3digo abierto. Antes de 2.10.10-lts, los atacantes autenticados pueden actualizar recursos que no le pertenecen si conocen el ID del recurso. Este problema se solucion\u00f3 en 2.10.10-lts. No se conocen workarounds. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +84,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "2.10.10", + "matchCriteriaId": "BA682301-E183-4BFE-9B56-5B3AC995997F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-rcp4-c5p2-58v9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-506xx/CVE-2023-50692.json b/CVE-2023/CVE-2023-506xx/CVE-2023-50692.json index 03bd1da04fc..04f82429600 100644 --- a/CVE-2023/CVE-2023-506xx/CVE-2023-50692.json +++ b/CVE-2023/CVE-2023-506xx/CVE-2023-50692.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50692", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-28T06:15:44.400", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:25:53.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Vulnerabilidad de carga de archivos en JIZHICMS v.2.5, permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado cargado y descargado en el par\u00e1metro download_url en el directorio app/admin/exts/." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jizhicms:jizhicms:2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "664B42DA-E99F-4635-A831-84CB9B9EA165" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Cherry-toto/jizhicms/issues/91", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50836.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50836.json index 3a4fd26b070..93b2068ce51 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50836.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50836.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50836", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:09.333", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:22:15.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibericode:html_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.28", + "matchCriteriaId": "5DFFE300-4B0C-4C76-B43D-3630254EB616" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/html-forms/wordpress-html-forms-plugin-1-3-28-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50848.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50848.json index d00c4f73775..9984dc0644d 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50848.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50848.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50848", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T12:15:42.750", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:20:23.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.35.0", + "matchCriteriaId": "FEC9148F-4F77-4837-916A-2524C7AD658F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50851.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50851.json index c49547707a5..2e8e8384e0a 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50851.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50851.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50851", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T12:15:43.193", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:07:34.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.6.1", + "matchCriteriaId": "A46E813D-97AB-4435-A42A-8B91A56E350F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simply-schedule-appointments/wordpress-simply-schedule-appointments-booking-plugin-1-6-6-1-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50856.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50856.json index fdafd589424..17d02d9e564 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50856.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50856.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50856", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:09.560", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:21:58.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:funnelkit:funnel_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.14.3", + "matchCriteriaId": "EB5DFF02-E0B5-4697-8CE7-A5C136AA7C56" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/funnel-builder/wordpress-funnel-builder-for-wordpress-by-funnelkit-plugin-2-14-3-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50857.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50857.json index 4112c9b579e..6320dbf8643 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50857.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50857.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50857", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:09.900", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:21:42.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +80,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.1", + "matchCriteriaId": "4CDE6D51-6ECC-4003-9798-0CCDFA073912" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-automation-by-funnelkit-plugin-2-6-1-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "nvd@nist.gov" + }, + { + "url": "https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-automation-by-funnelkit-plugin-2-6-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50859.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50859.json index c194b72c784..deab8e531ea 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50859.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50859", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:10.357", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:21:18.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
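Review bot: The `references` array in the last hunk of CVE-2023-50857.json now lists the same Patchstack URL twice, once with `"source": "nvd@nist.gov"` and no `tags`, and once with `"source": "audit@patchstack.com"` tagged `Third Party Advisory`. A consumer that keys references by URL sees a duplicate, and one that keeps only the first entry loses the tag. The other Patchstack records in this commit carry a single tagged entry, so this looks like an upstream artifact. Until it is corrected upstream, ingestion should de-duplicate on `url` and merge `tags`.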
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeum:wp_crowdfunding:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.6", + "matchCriteriaId": "D8F58964-4D96-484C-879D-615EB7242D90" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-crowdfunding/wordpress-wp-crowdfunding-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50860.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50860.json index a4d0997a044..69d3fe9692e 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50860.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50860.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50860", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:10.573", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:21:02.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tms-outsource:amelia:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.85", + "matchCriteriaId": "9D037DB2-3641-4CE7-8824-000D91551380" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ameliabooking/wordpress-amelia-plugin-1-0-85-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50873.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50873.json index 933a8181d8b..fd61fb27dca 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50873.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50873.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50873", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T11:15:10.797", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:20:51.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:infolific:add_any_extension_to_pages:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4", + "matchCriteriaId": "9B3A9E44-A030-49CA-B31B-84081C6F91DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/add-any-extension-to-pages/wordpress-add-any-extension-to-pages-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50874.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50874.json index 69087ca6c2c..56f2726a314 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50874.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50874.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50874", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T10:15:08.730", - "lastModified": "2023-12-28T15:09:53.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T20:03:30.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:connekthq:ajax_load_more:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.1.0.1", + "matchCriteriaId": "62DFA02E-BAC9-43D2-9931-D58281923F74" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ajax-load-more/wordpress-ajax-load-more-plugin-6-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51154.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51154.json new file mode 100644 index 00000000000..6a0d8485fbc --- /dev/null +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51154.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51154", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-04T19:15:08.850", + "lastModified": "2024-01-04T19:15:08.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitee.com/blue_ty/cms/issues/I8O7IV", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json index ec20a3a184f..8094e9181af 100644 --- a/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51386.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51386", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T22:15:07.827", - "lastModified": "2023-12-25T03:08:20.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:16:10.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0." + }, + { + "lang": "es", + "value": "Sandbox Accounts for Events proporciona m\u00faltiples cuentas temporales de AWS a varios usuarios autenticados simult\u00e1neamente a trav\u00e9s de una GUI basada en navegador. Los usuarios autenticados podr\u00edan leer datos de la tabla de eventos enviando payloads de solicitudes a la API de eventos, recopilando informaci\u00f3n sobre eventos planificados, plazos, presupuestos y direcciones de correo electr\u00f3nico de los propietarios. Este acceso a los datos puede permitir a los usuarios obtener informaci\u00f3n sobre los pr\u00f3ximos eventos y unirse a eventos a los que no han sido invitados. Este problema se solucion\u00f3 en la versi\u00f3n 1.10.0." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:amazon:awslabs_sandbox_accounts_for_events:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.1.0", + "matchCriteriaId": "BC15DDF8-BE84-4B47-A804-CEF17DCC9722" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-p7w3-j66h-m7mx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51501.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51501.json index d96a4a5a0fa..ce887c774de 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51501.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51501.json 
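Review bot: The added `cpeMatch` entry for CVE-2023-51386 sets `"versionEndExcluding": "1.1.0"`, but the description in the same record says the issue was patched in version 1.10.0, so releases from 1.1.0 up to 1.10.0 would not match as vulnerable in CPE-driven scanners. If the description is right, the bound should read `"versionEndExcluding": "1.10.0"`. The new Primary vector also uses `AV:L`, although the description talks about request payloads sent to the events API; that is worth checking against the upstream record. This file is mirrored by the auto-update job, so the correction belongs upstream, and a no-match on this CPE should not be read as proof of a fixed version.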
@@ -2,8 +2,8 @@ "id": "CVE-2023-51501", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-28T10:15:09.033", - "lastModified": "2023-12-28T15:09:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:46:39.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:undsgn:uncode:*:*:*:*:*:woocommerce:*:*", + "versionEndIncluding": "2.8.6", + "matchCriteriaId": "3E23F045-7358-4623-B9B9-2C0E538F505F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:undsgn:uncode:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.6", + "matchCriteriaId": "DBAB31F5-54A3-4426-B991-D5003A28A62C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51767.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51767.json index 6abf41f9bd8..693badbfb8c 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51767.json 
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51767.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51767", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T07:15:07.410", - "lastModified": "2023-12-26T17:15:08.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:18:14.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,27 +14,131 @@ "value": "OpenSSH hasta 9.6, cuando se utilizan tipos comunes de DRAM, podr\u00eda permitir row hammer attacks (para omitir la autenticaci\u00f3n) porque el valor entero de autenticado en mm_answer_authpassword no resiste cambios de un solo bit. NOTA: esto es aplicable a un determinado modelo de amenaza de ubicaci\u00f3n conjunta entre atacante y v\u00edctima en el que el atacante tiene privilegios de usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openssh:openssh:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.6", + "matchCriteriaId": "7AD424BA-D8D3-4E31-AD50-5D5924F33D04" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-51767", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://arxiv.org/abs/2309.02545", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51812.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51812.json new file mode 100644 index 00000000000..51f24aea14d --- /dev/null +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51812.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51812", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-04T19:15:08.920", + "lastModified": "2024-01-04T19:15:08.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitee.com/blue_ty/cms/issues/I8PG2A", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
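Review bot: The two `openssh-portable/blob/...` references in the second hunk of CVE-2023-51767.json (`auth-passwd.c#L77` and `monitor.c#L878`) are tagged `"Patch"`, yet both appear to be line links into source files at a fixed commit rather than a fixing change. The same hunk adds a CPE range with `"versionEndIncluding": "9.6"`, matching the description's "OpenSSH hasta 9.6", so no fixed release is recorded. Tooling that uses the `Patch` tag to decide whether a fix exists would report one for this record. Remediation status is better derived from the CPE range than from these tags until they are corrected upstream.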
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52079.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52079.json index d156521af76..8e8dc89efe8 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52079.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52079.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52079", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-28T16:16:01.863", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:24:22.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. \nExploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue." + }, + { + "lang": "es", + "value": "msgpackr es una implementaci\u00f3n r\u00e1pida de MessagePack NodeJS/JavaScript. Antes de la versi\u00f3n 1.10.1, al decodificar mensajes MessagePack proporcionados por el usuario, los usuarios pod\u00edan activar hilos atascados creando mensajes que mantuvieran el decodificador atascado en un bucle. La soluci\u00f3n est\u00e1 disponible en v1.10.1. Las explotaciones parecen requerir una clonaci\u00f3n estructurada; reemplazar la extensi\u00f3n 0x70 con la suya propia (que arroja un error o hace algo m\u00e1s que una referencia recursiva) deber\u00eda mitigar el problema." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,14 +84,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kriszyp:msgpackr:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.10.1", + "matchCriteriaId": "A069FF92-55B5-4F7B-B10E-36BF23E6185A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kriszyp/msgpackr/commit/18f44f8800e2261341cdf489d1ba1e35a0133602", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/kriszyp/msgpackr/security/advisories/GHSA-7hpj-7hhx-2fgx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52082.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52082.json index cfb0ddda307..d27a5b18698 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52082.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52082.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52082", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-28T16:16:02.290", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:31:50.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging.\n" + }, + { + "lang": "es", + "value": "Lychee es una herramienta gratuita de gesti\u00f3n de fotograf\u00edas. Antes de 5.0.2, Lychee es vulnerable a una inyecci\u00f3n SQL en cualquier enlace cuando se usa mysql/mariadb. Esta inyecci\u00f3n solo est\u00e1 activa para usuarios con la configuraci\u00f3n `.env` configurada en DB_LOG_SQL=true y DB_LOG_SQL_EXPLAIN=true. La configuraci\u00f3n predeterminada de Lychee es segura. El parche se proporciona en la versi\u00f3n 5.0.2. Para solucionar este problema, deshabilite el registro SQL EXPLAIN." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lycheeorg:lychee:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9.3", + "versionEndExcluding": "5.0.2", + "matchCriteriaId": "28BDD1B9-7255-4D9C-B4B2-EB8D485770EE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/LycheeOrg/Lychee/commit/33354a2ce7cf700cc4ee537b7b8b94dfc1e84ad4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-rjwv-5j3m-p5x4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5442.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5442.json new file mode 100644 index 00000000000..6e2f7691bcf --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5442.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-5442", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-01-04T19:15:08.970", + "lastModified": "2024-01-04T19:15:08.970", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6991. Reason: This candidate is a reservation duplicate of CVE-2023-6991. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5619.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5619.json new file mode 100644 index 00000000000..daf2f3c2907 --- /dev/null +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5619.json 
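Review bot: The rejection text in the new CVE-2023-5442.json points at two different replacement IDs: `ConsultIDs: CVE-2023-6991` and the "reservation duplicate" sentence agree with each other, but the `Notes:` sentence tells users to reference CVE-2023-43226. The new CVE-2023-5619.json in the following hunk has the same mismatch (ConsultIDs CVE-2023-6530, Notes CVE-2023-43226), which looks like a template leftover from the submitter and not a real pointer. Since this repository mirrors NVD, the correction belongs upstream; presumably the sentence should read `Notes: All CVE users should reference CVE-2023-6991 instead of this candidate.` (and CVE-2023-6530 in the other file). Tooling that remaps rejected IDs should take the replacement from the `ConsultIDs` value and not from the Notes sentence.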
@@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-5619", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-01-04T20:15:25.230", + "lastModified": "2024-01-04T20:15:25.230", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6530. Reason: This candidate is a reservation duplicate of CVE-2023-6530. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6918.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6918.json index 02c5c40c7ea..d291d62091f 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6918.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6918.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6918", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-19T00:15:08.460", - "lastModified": "2024-01-03T08:15:09.780", - "vulnStatus": "Modified", + "lastModified": "2024-01-04T20:21:35.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,20 +21,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL" + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, - "impactScore": 5.2 + "impactScore": 1.4 }, { "source": "secalert@redhat.com", 
@@ -209,7 +209,10 @@ }, { "url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json index dd690c12473..f61ba9e88d0 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7008", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-23T13:15:07.573", - "lastModified": "2023-12-25T03:08:20.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:14:33.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen los registros." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,22 +80,68 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*", + "matchCriteriaId": "64D83463-13ED-430C-8C40-2237DF0E3643" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-7008", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/systemd/systemd/issues/25676", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7098.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7098.json index f8720999c01..8f5a16d30ea 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7098.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7098.json 
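Review bot: The added `configurations` block for CVE-2023-7008 matches only `"criteria": "cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*"`, and only in an `AND` with Debian 8.0 or 9.0 as the platform. The record's description gives no version bound for systemd-resolved, and nothing in the hunk shows where the exact version 25 comes from, so it may be a data-entry error. CPE-based matching against this record will likely under-report affected hosts. The criterion would be more useful as a wildcard-version entry with a `versionEndExcluding` bound taken from the upstream fix, which this hunk does not show. Until it is corrected upstream, exposure is better tracked through the Red Hat advisory and the systemd issue listed under `references` than through the CPE match.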
@@ -2,16 +2,40 @@ "id": "CVE-2023-7098", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-25T02:15:44.603", - "lastModified": "2023-12-25T03:08:09.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:20:00.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-248950 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "es", + "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en icret EasyImages 2.8.3. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo app/hide.php. La manipulaci\u00f3n de la clave del argumento conduce a path traversal: '../filedir'. El ataque se puede iniciar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248950 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easyimages2.0_project:easyimages2.0:2.8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "0D65AF2B-CA7A-487D-9479-C0686FA306ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/MHnV2WLY9rxU", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.248950", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.248950", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7129.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7129.json index 6dba7b2087e..532f3ecfa83 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7129.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7129.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7129", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-28T16:16:02.497", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:39:40.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249132." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Voting System 1.0. Una funci\u00f3n desconocida del componente Voters Login es afectada por esta funci\u00f3n. La manipulaci\u00f3n del argumento voter conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249132." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:voting_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "33C83C8E-8FB2-49CD-BC33-09F4CCCFF79E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/h4md153v63n/CVEs/blob/main/Voting_System/Voting_System-SQL_Injection-2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249132", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249132", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7163.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7163.json index 6cc71986138..8baab94c9b0 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7163.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7163.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7163", "sourceIdentifier": "vulnreport@tenable.com", "published": "2023-12-28T16:16:02.730", - "lastModified": "2023-12-28T19:05:29.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-04T19:56:45.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes.\n\n" + }, + { + "lang": "es", + "value": "Existe un problema de seguridad en D-Link D-View 8 v2.0.2.89 y anteriores que podr\u00eda permitir a un atacante manipular el inventario de sonda del servicio D-View. Esto podr\u00eda dar como resultado la divulgaci\u00f3n de informaci\u00f3n de otras sondas, la denegaci\u00f3n de condiciones de servicio debido a que el inventario de la sonda se llena o la ejecuci\u00f3n de tareas en otras sondas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "vulnreport@tenable.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dlink:d-view_8:2.0.2.89:*:*:*:*:*:*:*", + "matchCriteriaId": "A91C8832-E4F4-47AD-986A-2C63EEBF9B6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://tenable.com/security/research/tra-2023-43", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21636.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21636.json new file mode 100644 index 00000000000..3a87ee7976c --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21636.json 
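Review bot: The added `cpeMatch` entry pins one exact version, `cpe:2.3:a:dlink:d-view_8:2.0.2.89:*:*:*:*:*:*:*`, while the description in this record's first hunk says the issue affects "v2.0.2.89 and prior". Scanners that consume this configuration would flag only 2.0.2.89 and miss older installs. A range would agree with the description: `"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*"` together with `"versionEndIncluding": "2.0.2.89"`. The `matchCriteriaId` for that entry has to come from NVD, so this is an upstream correction; until then, any D-View 8 at or below that version should be treated as in scope whatever the CPE match returns.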
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-21636", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-04T20:15:25.300", + "lastModified": "2024-01-04T20:15:25.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` methodis not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ViewComponent/view_component/pull/1950", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 53780dfb355..96a4407f801 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-04T19:00:25.444381+00:00 +2024-01-04T21:00:25.943994+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-04T18:53:13.777000+00:00 +2024-01-04T20:25:53.587000+00:00 ``` ### Last Data Feed Release 
@@ -29,45 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234878 +234883 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2023-6270](CVE-2023/CVE-2023-62xx/CVE-2023-6270.json) (`2024-01-04T17:15:08.803`) +* [CVE-2023-51154](CVE-2023/CVE-2023-511xx/CVE-2023-51154.json) (`2024-01-04T19:15:08.850`) +* [CVE-2023-51812](CVE-2023/CVE-2023-518xx/CVE-2023-51812.json) (`2024-01-04T19:15:08.920`) +* [CVE-2023-5442](CVE-2023/CVE-2023-54xx/CVE-2023-5442.json) (`2024-01-04T19:15:08.970`) +* [CVE-2023-5619](CVE-2023/CVE-2023-56xx/CVE-2023-5619.json) (`2024-01-04T20:15:25.230`) +* [CVE-2024-21636](CVE-2024/CVE-2024-216xx/CVE-2024-21636.json) (`2024-01-04T20:15:25.300`) ### CVEs modified in the last Commit -Recently modified CVEs: `51` - -* [CVE-2023-7123](CVE-2023/CVE-2023-71xx/CVE-2023-7123.json) (`2024-01-04T18:35:57.930`) -* [CVE-2023-49003](CVE-2023/CVE-2023-490xx/CVE-2023-49003.json) (`2024-01-04T18:36:38.453`) -* [CVE-2023-7047](CVE-2023/CVE-2023-70xx/CVE-2023-7047.json) (`2024-01-04T18:37:04.157`) -* [CVE-2023-5939](CVE-2023/CVE-2023-59xx/CVE-2023-5939.json) (`2024-01-04T18:41:13.330`) -* [CVE-2023-49001](CVE-2023/CVE-2023-490xx/CVE-2023-49001.json) (`2024-01-04T18:45:26.187`) -* [CVE-2023-49000](CVE-2023/CVE-2023-490xx/CVE-2023-49000.json) (`2024-01-04T18:45:41.737`) -* [CVE-2023-5931](CVE-2023/CVE-2023-59xx/CVE-2023-5931.json) (`2024-01-04T18:45:49.370`) -* [CVE-2023-51084](CVE-2023/CVE-2023-510xx/CVE-2023-51084.json) (`2024-01-04T18:46:23.653`) -* [CVE-2023-51080](CVE-2023/CVE-2023-510xx/CVE-2023-51080.json) (`2024-01-04T18:46:45.783`) -* [CVE-2023-3726](CVE-2023/CVE-2023-37xx/CVE-2023-3726.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-50760](CVE-2023/CVE-2023-507xx/CVE-2023-50760.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-50862](CVE-2023/CVE-2023-508xx/CVE-2023-50862.json) (`2024-01-04T18:46:53.270`) -* 
[CVE-2023-50863](CVE-2023/CVE-2023-508xx/CVE-2023-50863.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-50864](CVE-2023/CVE-2023-508xx/CVE-2023-50864.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-50865](CVE-2023/CVE-2023-508xx/CVE-2023-50865.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-50866](CVE-2023/CVE-2023-508xx/CVE-2023-50866.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-50867](CVE-2023/CVE-2023-508xx/CVE-2023-50867.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-6551](CVE-2023/CVE-2023-65xx/CVE-2023-6551.json) (`2024-01-04T18:46:53.270`) -* [CVE-2023-5674](CVE-2023/CVE-2023-56xx/CVE-2023-5674.json) (`2024-01-04T18:49:34.613`) -* [CVE-2023-0011](CVE-2023/CVE-2023-00xx/CVE-2023-0011.json) (`2024-01-04T18:50:39.487`) -* [CVE-2023-37544](CVE-2023/CVE-2023-375xx/CVE-2023-37544.json) (`2024-01-04T18:52:01.020`) -* [CVE-2023-48116](CVE-2023/CVE-2023-481xx/CVE-2023-48116.json) (`2024-01-04T18:52:20.000`) -* [CVE-2023-48115](CVE-2023/CVE-2023-481xx/CVE-2023-48115.json) (`2024-01-04T18:52:28.027`) -* [CVE-2023-48114](CVE-2023/CVE-2023-481xx/CVE-2023-48114.json) (`2024-01-04T18:52:42.640`) -* [CVE-2024-21625](CVE-2024/CVE-2024-216xx/CVE-2024-21625.json) (`2024-01-04T18:46:53.270`) +Recently modified CVEs: `34` + +* [CVE-2023-50848](CVE-2023/CVE-2023-508xx/CVE-2023-50848.json) (`2024-01-04T19:20:23.247`) +* [CVE-2023-50873](CVE-2023/CVE-2023-508xx/CVE-2023-50873.json) (`2024-01-04T19:20:51.227`) +* [CVE-2023-50860](CVE-2023/CVE-2023-508xx/CVE-2023-50860.json) (`2024-01-04T19:21:02.913`) +* [CVE-2023-50859](CVE-2023/CVE-2023-508xx/CVE-2023-50859.json) (`2024-01-04T19:21:18.457`) +* [CVE-2023-50857](CVE-2023/CVE-2023-508xx/CVE-2023-50857.json) (`2024-01-04T19:21:42.530`) +* [CVE-2023-50856](CVE-2023/CVE-2023-508xx/CVE-2023-50856.json) (`2024-01-04T19:21:58.083`) +* [CVE-2023-50836](CVE-2023/CVE-2023-508xx/CVE-2023-50836.json) (`2024-01-04T19:22:15.323`) +* [CVE-2023-36381](CVE-2023/CVE-2023-363xx/CVE-2023-36381.json) (`2024-01-04T19:22:53.737`) +* 
[CVE-2023-32795](CVE-2023/CVE-2023-327xx/CVE-2023-32795.json) (`2024-01-04T19:23:26.827`) +* [CVE-2023-52079](CVE-2023/CVE-2023-520xx/CVE-2023-52079.json) (`2024-01-04T19:24:22.547`) +* [CVE-2023-52082](CVE-2023/CVE-2023-520xx/CVE-2023-52082.json) (`2024-01-04T19:31:50.127`) +* [CVE-2023-32513](CVE-2023/CVE-2023-325xx/CVE-2023-32513.json) (`2024-01-04T19:32:31.050`) +* [CVE-2023-27447](CVE-2023/CVE-2023-274xx/CVE-2023-27447.json) (`2024-01-04T19:32:40.140`) +* [CVE-2023-7129](CVE-2023/CVE-2023-71xx/CVE-2023-7129.json) (`2024-01-04T19:39:40.933`) +* [CVE-2023-51501](CVE-2023/CVE-2023-515xx/CVE-2023-51501.json) (`2024-01-04T19:46:39.560`) +* [CVE-2023-7163](CVE-2023/CVE-2023-71xx/CVE-2023-7163.json) (`2024-01-04T19:56:45.747`) +* [CVE-2023-50874](CVE-2023/CVE-2023-508xx/CVE-2023-50874.json) (`2024-01-04T20:03:30.020`) +* [CVE-2023-4672](CVE-2023/CVE-2023-46xx/CVE-2023-4672.json) (`2024-01-04T20:09:31.050`) +* [CVE-2023-4671](CVE-2023/CVE-2023-46xx/CVE-2023-4671.json) (`2024-01-04T20:11:33.097`) +* [CVE-2023-45702](CVE-2023/CVE-2023-457xx/CVE-2023-45702.json) (`2024-01-04T20:14:34.343`) +* [CVE-2023-33952](CVE-2023/CVE-2023-339xx/CVE-2023-33952.json) (`2024-01-04T20:15:24.550`) +* [CVE-2023-50038](CVE-2023/CVE-2023-500xx/CVE-2023-50038.json) (`2024-01-04T20:18:57.593`) +* [CVE-2023-6918](CVE-2023/CVE-2023-69xx/CVE-2023-6918.json) (`2024-01-04T20:21:35.297`) +* [CVE-2023-45701](CVE-2023/CVE-2023-457xx/CVE-2023-45701.json) (`2024-01-04T20:25:30.933`) +* [CVE-2023-50692](CVE-2023/CVE-2023-506xx/CVE-2023-50692.json) (`2024-01-04T20:25:53.587`) ## Download and Usage