From 663d2c654fea344d2b3768c38dd648930f6981a1 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 21 Dec 2023 21:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-21T21:00:24.563922+00:00 --- CVE-2022/CVE-2022-230xx/CVE-2022-23096.json | 9 +- CVE-2022/CVE-2022-230xx/CVE-2022-23097.json | 9 +- CVE-2022/CVE-2022-230xx/CVE-2022-23098.json | 9 +- CVE-2022/CVE-2022-403xx/CVE-2022-40312.json | 51 +++- CVE-2023/CVE-2023-225xx/CVE-2023-22508.json | 10 +- CVE-2023/CVE-2023-308xx/CVE-2023-30867.json | 68 ++++- CVE-2023/CVE-2023-327xx/CVE-2023-32747.json | 55 ++++ CVE-2023/CVE-2023-327xx/CVE-2023-32799.json | 55 ++++ CVE-2023/CVE-2023-332xx/CVE-2023-33217.json | 269 +++++++++++++++++++- CVE-2023/CVE-2023-332xx/CVE-2023-33218.json | 269 +++++++++++++++++++- CVE-2023/CVE-2023-332xx/CVE-2023-33219.json | 269 +++++++++++++++++++- CVE-2023/CVE-2023-332xx/CVE-2023-33220.json | 269 +++++++++++++++++++- CVE-2023/CVE-2023-332xx/CVE-2023-33221.json | 269 +++++++++++++++++++- CVE-2023/CVE-2023-39xx/CVE-2023-3907.json | 81 +++++- CVE-2023/CVE-2023-43xx/CVE-2023-4311.json | 69 ++++- CVE-2023/CVE-2023-444xx/CVE-2023-44481.json | 59 +++++ CVE-2023/CVE-2023-444xx/CVE-2023-44482.json | 59 +++++ CVE-2023/CVE-2023-451xx/CVE-2023-45124.json | 59 +++++ CVE-2023/CVE-2023-451xx/CVE-2023-45125.json | 59 +++++ CVE-2023/CVE-2023-451xx/CVE-2023-45126.json | 59 +++++ CVE-2023/CVE-2023-451xx/CVE-2023-45127.json | 59 +++++ CVE-2023/CVE-2023-467xx/CVE-2023-46791.json | 59 +++++ CVE-2023/CVE-2023-471xx/CVE-2023-47191.json | 55 ++++ CVE-2023/CVE-2023-478xx/CVE-2023-47806.json | 61 ++++- CVE-2023/CVE-2023-491xx/CVE-2023-49155.json | 47 +++- CVE-2023/CVE-2023-497xx/CVE-2023-49765.json | 55 ++++ CVE-2023/CVE-2023-502xx/CVE-2023-50271.json | 73 +++++- CVE-2023/CVE-2023-507xx/CVE-2023-50732.json | 63 +++++ CVE-2023/CVE-2023-508xx/CVE-2023-50834.json | 55 ++++ CVE-2023/CVE-2023-50xx/CVE-2023-5005.json | 85 ++++++- CVE-2023/CVE-2023-53xx/CVE-2023-5348.json | 69 ++++- CVE-2023/CVE-2023-58xx/CVE-2023-5882.json | 75 +++++- CVE-2023/CVE-2023-58xx/CVE-2023-5886.json | 75 +++++- 
CVE-2023/CVE-2023-60xx/CVE-2023-6065.json | 74 +++++- CVE-2023/CVE-2023-60xx/CVE-2023-6077.json | 69 ++++- CVE-2023/CVE-2023-62xx/CVE-2023-6203.json | 69 ++++- CVE-2023/CVE-2023-62xx/CVE-2023-6222.json | 74 +++++- CVE-2023/CVE-2023-62xx/CVE-2023-6289.json | 69 ++++- CVE-2023/CVE-2023-62xx/CVE-2023-6295.json | 69 ++++- CVE-2023/CVE-2023-65xx/CVE-2023-6546.json | 63 +++++ CVE-2023/CVE-2023-65xx/CVE-2023-6553.json | 93 ++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6817.json | 109 +++++++- CVE-2023/CVE-2023-68xx/CVE-2023-6839.json | 75 +++++- CVE-2023/CVE-2023-68xx/CVE-2023-6894.json | 228 ++++++++++++++++- CVE-2023/CVE-2023-69xx/CVE-2023-6903.json | 58 ++++- CVE-2023/CVE-2023-69xx/CVE-2023-6904.json | 56 +++- CVE-2023/CVE-2023-69xx/CVE-2023-6905.json | 56 +++- CVE-2023/CVE-2023-70xx/CVE-2023-7039.json | 88 +++++++ CVE-2023/CVE-2023-70xx/CVE-2023-7040.json | 88 +++++++ CVE-2023/CVE-2023-70xx/CVE-2023-7041.json | 88 +++++++ CVE-2023/CVE-2023-70xx/CVE-2023-7042.json | 63 +++++ README.md | 94 +++---- 52 files changed, 4296 insertions(+), 174 deletions(-) create mode 100644 CVE-2023/CVE-2023-327xx/CVE-2023-32747.json create mode 100644 CVE-2023/CVE-2023-327xx/CVE-2023-32799.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44481.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44482.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45124.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45125.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45126.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45127.json create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46791.json create mode 100644 CVE-2023/CVE-2023-471xx/CVE-2023-47191.json create mode 100644 CVE-2023/CVE-2023-497xx/CVE-2023-49765.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50732.json create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50834.json create mode 100644 CVE-2023/CVE-2023-65xx/CVE-2023-6546.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7039.json 
create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7040.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7041.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7042.json diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23096.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23096.json index 55278c6acd1..6cda819b83f 100644 --- a/CVE-2022/CVE-2022-230xx/CVE-2022-23096.json +++ b/CVE-2022/CVE-2022-230xx/CVE-2022-23096.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23096", "sourceIdentifier": "cve@mitre.org", "published": "2022-01-28T16:15:07.897", - "lastModified": "2023-10-31T08:15:07.387", - "vulnStatus": "Modified", + "lastModified": "2023-12-21T20:11:00.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -132,7 +132,10 @@ }, { "url": "https://security.gentoo.org/glsa/202310-21", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2022/dsa-5231", diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23097.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23097.json index c1bdaa7bf08..a25f9766a19 100644 --- a/CVE-2022/CVE-2022-230xx/CVE-2022-23097.json +++ b/CVE-2022/CVE-2022-230xx/CVE-2022-23097.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23097", "sourceIdentifier": "cve@mitre.org", "published": "2022-01-28T16:15:07.943", - "lastModified": "2023-10-31T08:15:07.503", - "vulnStatus": "Modified", + "lastModified": "2023-12-21T20:10:57.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -132,7 +132,10 @@ }, { "url": "https://security.gentoo.org/glsa/202310-21", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2022/dsa-5231", diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23098.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23098.json index f83a0cc0962..eeb8cd59680 100644 --- a/CVE-2022/CVE-2022-230xx/CVE-2022-23098.json +++ b/CVE-2022/CVE-2022-230xx/CVE-2022-23098.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-23098", "sourceIdentifier": "cve@mitre.org", "published": "2022-01-28T16:15:07.990", - "lastModified": "2023-10-31T08:15:07.567", - "vulnStatus": "Modified", + "lastModified": "2023-12-21T19:26:25.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -132,7 +132,10 @@ }, { "url": "https://security.gentoo.org/glsa/202310-21", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2022/dsa-5231", diff --git a/CVE-2022/CVE-2022-403xx/CVE-2022-40312.json b/CVE-2022/CVE-2022-403xx/CVE-2022-40312.json index 59e461a628f..41251e9d702 100644 --- a/CVE-2022/CVE-2022-403xx/CVE-2022-40312.json +++ b/CVE-2022/CVE-2022-403xx/CVE-2022-40312.json 
@@ -2,16 +2,40 @@ "id": "CVE-2022-40312", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T15:15:08.623", - "lastModified": "2023-12-18T17:24:19.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:17:59.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (SSRF) en GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform. Este problema afecta a GiveWP \u2013 Donation Plugin and Fundraising Platform: desde n/a hasta 2.25.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
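Review bot: The added `es` description in this hunk expands the acronym wrongly: it reads "Vulnerabilidad de Cross-Site Request Forgery (SSRF)", while the `en` value of the same record says "Server-Side Request Forgery (SSRF)". Anyone triaging or filtering on the localized text would file this record as CSRF, a different weakness class with different mitigations. The value should open with `Vulnerabilidad de Server-Side Request Forgery (SSRF) en GiveWP`, leaving the rest of the sentence as is. The commit is a bot "Auto-Update", so the text presumably comes from an upstream feed; if so, the correction has to be made there or the next sync will overwrite it.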
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.25.1", + "matchCriteriaId": "6C4CDACF-6460-44AF-9F00-0D5E5E54E3E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json index 691573cf682..8a5d465a645 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json @@ -2,7 +2,7 @@ "id": "CVE-2023-22508", "sourceIdentifier": "security@atlassian.com", "published": "2023-07-18T23:15:09.297", - "lastModified": "2023-07-31T17:12:30.293", + "lastModified": "2023-12-21T20:11:44.330", "vulnStatus": "Analyzed", "descriptions": [ { @@ -92,9 +92,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", - "versionStartIncluding": "8.0.0", + "versionStartIncluding": "7.20.0", "versionEndExcluding": "8.2.0", - "matchCriteriaId": "0CFB6784-FD6E-4346-BC1E-3A53DFAAD9B0" + "matchCriteriaId": "7D5FBFE8-F97B-4E6B-B6AB-7EF9955B66BA" }, { "vulnerable": true, @@ -113,9 +113,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", - "versionStartIncluding": "8.0.0", + "versionStartIncluding": "7.20.0", "versionEndExcluding": "8.2.0", - "matchCriteriaId": "61ABEF8D-B940-44CF-845B-238A23DBEA02" + "matchCriteriaId": "CBBB9EBB-FFFA-4AE8-BA5A-D06D6D9A309E" } ] } diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30867.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30867.json index e8fa73c3bab..dbe363eef04 100644 
--- a/CVE-2023/CVE-2023-308xx/CVE-2023-30867.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30867.json 
@@ -2,16 +2,53 @@ "id": "CVE-2023-30867", "sourceIdentifier": "security@apache.org", "published": "2023-12-15T13:15:07.223", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:58:39.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage.\n\nMitigation:\n\nUsers are recommended to upgrade to version 2.1.2, which fixes the issue.\n\n" + }, + { + "lang": "es", + "value": "En la plataforma Streampark, cuando los usuarios inician sesi\u00f3n en el sistema y utilizan ciertas funciones, algunas p\u00e1ginas proporcionan una b\u00fasqueda difusa basada en nombres, como nombres de trabajos, nombres de funciones, etc. La sintaxis SQL: select* de la tabla donde '%jobName%' gusta. Sin embargo, el campo jobName puede recibir par\u00e1metros no v\u00e1lidos, lo que provocar\u00e1 una inyecci\u00f3n de SQL. Esto podr\u00eda resultar potencialmente en una fuga de informaci\u00f3n. Mitigaci\u00f3n: se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.2, que soluciona el problema." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "security@apache.org", "type": "Secondary", @@ -23,10 +60,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.1.2", + "matchCriteriaId": "A5A4CCCF-F382-4FF8-AB13-9BE1B2B9757B" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/bhdzh6hnh04yyf3g203bbyvxryd720o2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json new file mode 100644 index 00000000000..05e2765f0d2 --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json 
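Review bot: In the first hunk of CVE-2023-30867.json, the added `es` description has translated the SQL example itself. The `en` value gives `select * from table where jobName like '%jobName%'`, but the Spanish text reads `select* de la tabla donde '%jobName%' gusta`, which is no longer a query and drops the `jobName` column that the next sentence refers to. Code fragments inside a description should be carried over verbatim, for example `La sintaxis SQL: select * from table where jobName like '%jobName%'.`. Since the commit is a bot "Auto-Update", this probably needs reporting to the upstream source of the translation; until then the `en` entry is the one to rely on for this record.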
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32747", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T19:15:08.160", + "lastModified": "2023-12-21T19:15:08.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-1-15-78-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json new file mode 100644 index 00000000000..ec442be5bc0 --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32799", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T19:15:08.520", + "lastModified": "2023-12-21T19:15:08.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json index 5572dcd8144..0e1cd6a4725 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33217", "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "published": "2023-12-15T11:15:08.960", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:24:40.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer" + }, + { + "lang": "es", + "value": "Al abusar de un defecto de dise\u00f1o en el mecanismo de actualizaci\u00f3n del firmware del terminal afectado, es posible provocar una denegaci\u00f3n permanente de servicio para el terminal. La \u00fanica forma de recuperar el terminal es devolvi\u00e9ndolo al fabricante." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", 
@@ -46,10 +80,239 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "1.2.7", + "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", - "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json index 9f683fa63c4..2c54eec9de8 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33218", "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "published": "2023-12-15T12:15:43.317", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:16:10.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\nThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. \nThis could potentially lead to a Remote Code execution on the targeted device.\n\n" + }, + { + "lang": "es", + "value": "Los controladores de comandos Parameter Zone Read and Parameter Zone Write permiten realizar un desbordamiento del b\u00fafer de pila. Potencialmente, esto podr\u00eda conducir a la ejecuci\u00f3n de un c\u00f3digo remoto en el dispositivo de destino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", 
@@ -46,10 +80,239 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "1.2.7", + "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", - "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json index 70a7000fc49..f1c1fdefe71 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33219", "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "published": "2023-12-15T12:15:43.530", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:16:04.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n" + }, + { + "lang": "es", + "value": "El controlador del comando de validaci\u00f3n de actualizaci\u00f3n no verifica adecuadamente los l\u00edmites al realizar ciertas operaciones de validaci\u00f3n. Esto permite un desbordamiento del b\u00fafer basado en pila que podr\u00eda provocar una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", 
@@ -46,10 +80,239 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "1.2.7", + "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", - "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json index 96fc17b554c..5b8322df406 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33220", "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "published": "2023-12-15T12:15:43.733", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:25:03.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\n\n\n\n\nDuring the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes \nto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted \ndevice\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Durante el proceso de validaci\u00f3n de actualizaci\u00f3n, el firmware no verifica adecuadamente los l\u00edmites mientras copia algunos atributos para verificar. Esto permite un desbordamiento del b\u00fafer basado en pila que podr\u00eda provocar una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", 
@@ -46,10 +80,239 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "1.2.7", + "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", - "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json index a044651a8b5..5f7c49a89ab 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33221", "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "published": "2023-12-15T12:15:43.927", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:25:12.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\n\n\n\n\n\n\nWhen reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying \ninternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code \nExecution on the targeted device. This is especially problematic if you use Default DESFire key.\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Al leer las claves de DesFire, la funci\u00f3n que lee la tarjeta no verifica correctamente los l\u00edmites al copiar internamente los datos recibidos. Esto permite un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico que podr\u00eda conducir a una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino. Esto es especialmente problem\u00e1tico si utiliza la clave DESFire predeterminada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary", 
@@ -46,10 +80,239 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.15.5", + "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.2", + "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "1.2.7", + "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", - "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3907.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3907.json index 77510432e05..d3810dd9b6f 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3907.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3907.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-3907", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-17T23:15:43.937", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:02:05.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de escalada de privilegios en GitLab EE que afecta a todas las versiones desde 16.0 anterior a 16.4.4, 16.5 anterior a 16.5.4 y 16.6 anterior a 16.6.2 permite que un mantenedor de proyecto use un token de acceso al proyecto para escalar su rol a propietario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -46,14 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.4.4", + "matchCriteriaId": "00377DD9-D454-4084-9D94-D48C8F1E11C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.5", + "versionEndExcluding": "16.5.4", + "matchCriteriaId": "B9D88266-872E-4BD9-B3DF-D1C540E66AFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.6", + "versionEndExcluding": "16.6.2", + "matchCriteriaId": "D5C45787-C8C9-432E-8DAF-6F5264BBE0B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418878", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2058934", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4311.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4311.json index 8ca0b729774..4ae88051eef 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4311.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4311.json 
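Review bot: In CVE-2023-3907.json the three added `cpeMatch` ranges write their lower bounds in different forms: `"versionStartIncluding": "16.0.0"` in the first, but `"16.5"` and `"16.6"` in the other two. A matcher that compares version strings component by component without padding may not treat `16.5` and `16.5.0` as the same bound, so `"versionStartIncluding": "16.5.0"` and `"16.6.0"` would be the safer spelling. Separately, after this change both references carry `Broken Link` or `Permissions Required`, so the record points to no advisory a reader can open without access.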
@@ -2,19 +2,80 @@ "id": "CVE-2023-4311", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.397", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:19:14.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode." + }, + { + "lang": "es", + "value": "El complemento Vrm 360 3D Model Viewer de WordPress hasta la versi\u00f3n 1.2.1 es vulnerable a la carga de archivos arbitrarios debido a comprobaciones insuficientes en el c\u00f3digo abreviado del complemento." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:maurice:vrm360:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "343766D2-845F-42D6-9BF8-4E2A92462BB8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/21950116-1a69-4848-9da0-e912096c0fce", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json new file mode 100644 index 00000000000..4428c0e58e5 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44481.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-44481", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T19:15:08.820", + "lastModified": "2023-12-21T19:15:08.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/martin/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json new file mode 100644 index 00000000000..881cfdc84f8 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44482.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-44482", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T19:15:09.157", + "lastModified": "2023-12-21T19:15:09.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/martin/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json new file mode 100644 index 00000000000..ea7635f9705 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45124.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45124", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T19:15:09.657", + "lastModified": "2023-12-21T19:15:09.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'tag' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json new file mode 100644 index 00000000000..148d03119a7 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45125.json 
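Review bot: In CVE-2023-45124.json the description says "Authenticated SQL Injection", but the added `vectorString` carries `PR:N` with a `baseScore` of 9.8, which describes an attacker who needs no account. The record does not say which of the two is right; CVE-2023-44481 and CVE-2023-44482 in this same commit use `PR:L` and 8.8 for the same "Authenticated" wording. If a login is in fact required, the vector would read `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` with `"privilegesRequired": "LOW"`; otherwise the description should drop "Authenticated". The same mismatch appears in CVE-2023-45125, CVE-2023-45126 and CVE-2023-45127, so anyone triaging by score should read the description alongside it.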
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45125", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T19:15:10.263", + "lastModified": "2023-12-21T19:15:10.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'time' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json new file mode 100644 index 00000000000..f32cf034fc1 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45126.json 
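Review bot: The only `cvssMetricV31` entry in CVE-2023-45125.json is marked `"type": "Secondary"`, while the otherwise identical entries from the same source in CVE-2023-45124 and CVE-2023-45126 are `"type": "Primary"`. A consumer that reads only the Primary metric would find none here and could treat a 9.8 record as unscored. CVE-2023-45127 has the mirror case, with its single `weaknesses` entry marked `"Secondary"`. Either the value is aligned upstream to `"type": "Primary"`, or consumers should fall back to the Secondary entry when no Primary one exists.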
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45126", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T19:15:10.900", + "lastModified": "2023-12-21T19:15:10.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'total' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json new file mode 100644 index 00000000000..ff8fff35a43 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45127.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45127", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T19:15:11.357", + "lastModified": "2023-12-21T19:15:11.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'wrong' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json new file mode 100644 index 00000000000..dbddd6a956a --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46791", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-12-21T20:15:07.547", + "lastModified": "2023-12-21T20:15:07.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/ros", + "source": "help@fluidattacks.com" + }, + { + "url": "https://projectworlds.in", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json new file mode 100644 index 00000000000..5bf95c2c7c5 --- /dev/null +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47191.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47191", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T19:15:11.767", + "lastModified": "2023-12-21T19:15:11.767", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/youzify/wordpress-youzify-plugin-1-2-2-insecure-direct-object-reference-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47806.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47806.json index 8c08a81f0f3..44be862cbe7 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47806.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47806.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47806", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T16:15:10.510", - "lastModified": "2023-12-18T17:24:19.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:09:43.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Saint Systems Disable User Login. Este problema afecta a Saint Systems Disable User Login: desde n/a hasta 1.3.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:saintsystems:disable_user_login:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.7", + "matchCriteriaId": "EAA579CA-1D6C-480E-8984-60FA510DBA6A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/disable-user-login/wordpress-disable-user-login-plugin-1-3-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49155.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49155.json index 712171ed0a8..1399fe71038 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49155.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49155.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49155", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-18T23:15:08.697", - "lastModified": "2023-12-19T13:42:22.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:28:51.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wow-company:button_generator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.8", + "matchCriteriaId": "EC0A706E-AA9B-4B83-B3D7-1E6814374F29" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-easily-button-builder-plugin-2-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json new file mode 100644 index 00000000000..deb1be0c23c --- /dev/null +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49765.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49765", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T19:15:12.173", + "lastModified": "2023-12-21T19:15:12.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50271.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50271.json index 28b1dc9e8f4..ba8aa96d92e 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50271.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50271.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50271", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-12-17T15:15:07.173", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:14:31.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nA potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.\n\n" + }, + { + "lang": "es", + "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP-UX System Management Homepage (SMH). Esta vulnerabilidad podr\u00eda explotarse local o remotamente para revelar informaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-alert@hpe.com", "type": "Secondary", 
@@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "a.3.2.23.09", + "matchCriteriaId": "CE4DE6A2-D162-4F87-B792-C5CA3003EEE0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json new file mode 100644 index 00000000000..18e6655fcf0 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50732.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-50732", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-21T20:15:07.900", + "lastModified": "2023-12-21T20:15:07.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20625", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json new file mode 100644 index 00000000000..524560d07ed --- /dev/null +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50834.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50834", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-21T19:15:12.670", + "lastModified": "2023-12-21T19:15:12.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-menu-extension/wordpress-woocommerce-menu-extension-plugin-1-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5005.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5005.json index 299b6a9f175..821301d2bf4 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5005.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5005.json 
@@ -2,19 +2,96 @@ "id": "CVE-2023-5005", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.500", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:25:31.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento Autocomplete Location field Contact Form 7 de WordPress anterior a 3.0, el complemento autocomplete-location-field-contact-form-7-pro de WordPress anterior a 2.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar tareas ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesmade:autocomplete_location_field_contact_form_7:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0", + "matchCriteriaId": "B659D3B0-6707-402D-A50E-8EE1EDC9923A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codesmade:autocomplete_location_field_contact_form_7:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "2.0", + "matchCriteriaId": "A0D4CB6A-51A1-4FE8-9D61-B6C98B84EDC3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/bfb174d4-7658-4883-a682-d06bda89ec44", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5348.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5348.json index 8ed85c886a2..c0fd4a62ad6 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5348.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5348.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5348", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.553", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:48:38.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users." + }, + { + "lang": "es", + "value": "El complemento Product Catalog Mode For WooCommerce de WordPress anterior a 5.0.3 no autoriza adecuadamente las actualizaciones de configuraci\u00f3n ni escapa de los valores de configuraci\u00f3n, lo que lleva a que usuarios no autenticados puedan llevar a cabo ataques XSS almacenados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "416E20D1-E9AE-44E6-A46F-EF919BE9F9CA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1", - 
"source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5882.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5882.json index 83e86f4ee4b..56414a4ba35 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5882.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5882.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-5882", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.603", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:50:45.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution." + }, + { + "lang": "es", + "value": "El complemento Export any WordPress data to XML/CSV de WordPress anterior a 1.4.0, el complemento WP All Export Pro de WordPress anterior a 1.8.6 no verifica los tokens nonce lo suficientemente temprano en el ciclo de vida de la solicitud, lo que permite a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas que conducen a ejecuci\u00f3n remota de c\u00f3digo." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\\/csv:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "8AD7E514-110D-491A-B120-A5CF9DA1DC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "1.8.6", + "matchCriteriaId": "D5872FA3-45C5-4E05-B8F6-3BFA53456908" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5886.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5886.json index 2fe2b411ff9..fd7fbdf8c5b 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5886.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5886.json 
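Review bot: In the CVE-2023-5882 record the added CPE entry for `soflyy:export_any_wordpress_data_to_xml\\/csv` sets `"versionEndExcluding": "1.4.1"`, while the description says the plugin is affected "before 1.4.0"; the CVE-2023-5886 record in the next hunk repeats the mismatch. A scanner that matches on the CPE range will report 1.4.0 as vulnerable although the text calls it fixed, and if the CPE is the correct side, anyone patching by the description stays exposed on 1.4.0. If the description is authoritative, the line should be `"versionEndExcluding": "1.4.0"`; otherwise the description needs the correction. The WP All Export Pro bound (`1.8.6`) agrees with the text in both records.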
@@ -2,19 +2,86 @@ "id": "CVE-2023-5886", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.653", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:46:09.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution." + }, + { + "lang": "es", + "value": "El complemento Export any WordPress data to XML/CSV de WordPress anterior a 1.4.0, el complemento WP All Export Pro de WordPress anterior a 1.8.6 no verifica los tokens nonce lo suficientemente temprano en el ciclo de vida de la solicitud, lo que permite a los atacantes con la capacidad de cargar archivos iniciar sesi\u00f3n los usuarios realizan acciones no deseadas que conducen a la deserializaci\u00f3n de PHAR, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\\/csv:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "8AD7E514-110D-491A-B120-A5CF9DA1DC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "1.8.6", + "matchCriteriaId": "D5872FA3-45C5-4E05-B8F6-3BFA53456908" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/0a08e49d-d34e-4140-a15d-ad64444665a3", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6065.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6065.json index f2a4ea21e9c..dc2f2bb2918 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6065.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6065.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-6065", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.750", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:51:08.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code" + }, + { + "lang": "es", + "value": "El complemento Quttera Web Malware Scanner de WordPress anterior a 3.4.2.1 no restringe el acceso a registros de escaneo detallados, lo que permite a un actor malintencionado descubrir rutas locales y partes del c\u00f3digo del sitio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quttera:quttera_web_malware_scanner:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.4.2.1", + "matchCriteriaId": "C6E13545-055A-40B1-A2B6-5F5963E02DEC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing", - "source": "contact@wpscan.com" + 
"source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6077.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6077.json index 2daa824177a..c8e5e84b7f9 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6077.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6077.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6077", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.797", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:35:11.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected" + }, + { + "lang": "es", + "value": "El complemento Slider de WordPress anterior a 3.5.12 no garantiza que las publicaciones a las que se accede a trav\u00e9s de una acci\u00f3n AJAX sean diapositivas y puedan ser vistas por el usuario que realiza la solicitud, lo que permite a cualquier usuario autenticado, como un suscriptor, acceder al contenido de una publicaci\u00f3n arbitraria, como privada, borrador y contrase\u00f1a protegida" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpfrank:slider_factory_pro:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": 
"3.5.12", + "matchCriteriaId": "052F8885-2DC6-488E-85A3-2D929DA092B1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/1afc0e4a-f712-47d4-bf29-7719ccbbbb1b", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6203.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6203.json index 9513a4010a4..4246bf30db2 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6203.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6203.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6203", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.847", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:31:59.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request" + }, + { + "lang": "es", + "value": "El complemento Events Calendar de WordPress anterior a 6.2.8.1 revela el contenido de publicaciones protegidas con contrase\u00f1a a usuarios no autenticados a trav\u00e9s de una solicitud manipulada" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.2.8.1", + "matchCriteriaId": "FA9D5818-6605-4B0F-AA9E-CB3BA11A18DB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of 
file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6222.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6222.json index 3241126e5d2..9349c21a885 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6222.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6222.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-6222", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.893", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:28:10.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks" + }, + { + "lang": "es", + "value": "El complemento Quttera Web Malware Scanner de WordPress anterior a 3.4.2.1 no valida la entrada del usuario utilizada en una ruta, lo que podr\u00eda permitir a los usuarios con funci\u00f3n de administrador realizar ataques de path traversal." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quttera:quttera_web_malware_scanner:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.4.2.1", + "matchCriteriaId": "C6E13545-055A-40B1-A2B6-5F5963E02DEC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6289.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6289.json index 573ddf4df80..722c7368cef 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6289.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6289.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6289", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:08.983", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:55:29.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens." + }, + { + "lang": "es", + "value": "El complemento Swift Performance Lite de WordPress anterior a 2.3.6.15 no impide que los usuarios exporten la configuraci\u00f3n del complemento, que puede incluir informaci\u00f3n confidencial, como tokens API de Cloudflare." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:swteplugins:swift_performance:*:*:*:*:lite:wordpress:*:*", + "versionEndExcluding": "2.3.6.15", + "matchCriteriaId": "F620C6AF-DB15-462C-AE56-2D4E8B7981BE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6295.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6295.json index 12c70d37615..49cd42d6157 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6295.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6295.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6295", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-18T20:15:09.027", - "lastModified": "2023-12-18T20:21:38.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:58:23.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites." + }, + { + "lang": "es", + "value": "El complemento SiteOrigin Widgets Bundle de WordPress anterior a 1.51.0 no valida la entrada del usuario antes de usarlo para generar rutas pasadas para incluir funciones, lo que permite a los usuarios con funci\u00f3n de administrador realizar ataques LFI en el contexto de sitios Multisite WordPress." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siteorigin:siteorigin_widgets_bundle:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.51.0", + "matchCriteriaId": "FCE3BA73-F387-4387-874B-A43ECF9E1D22" + } + ] + } + ] } ], - "metrics": {}, "references": [ { 
"url": "https://wpscan.com/vulnerability/adc9ed9f-55b4-43a9-a79d-c7120764f47c", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json new file mode 100644 index 00000000000..c1e19cb75a9 --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-6546", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-21T20:15:08.260", + "lastModified": "2023-12-21T20:15:08.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6546", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json index bd0440e8743..1a8dc17b284 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json 
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6553", "sourceIdentifier": "security@wordfence.com", "published": "2023-12-15T11:15:47.837", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:24:54.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server." + }, + { + "lang": "es", + "value": "El complemento Backup Migration para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en todas las versiones hasta la 1.3.7 incluida a trav\u00e9s del archivo /includes/backup-heart.php. Esto se debe a que un atacante puede controlar los valores pasados a una inclusi\u00f3n y, posteriormente, aprovecharlos para lograr la ejecuci\u00f3n remota de c\u00f3digo. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digo f\u00e1cilmente en el servidor." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", 
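Review bot: The `en` description kept in this hunk lists 1.3.7 as a vulnerable version, yet the next hunk of this file (`@@ -34,34 +58,85 @@`) tags the four `browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L…` references as `Patch`. Those links look like source views of the affected file rather than a fix, so only the `changeset` reference seems to merit `"tags": ["Patch"]`, and tooling that reads a `Patch` tag as "fix available" should not rely on it for this record. The same later hunk adds `NVD-CWE-noinfo` as the primary weakness, although the description attributes the flaw to attacker-controlled values passed to an include. CWE-based filters will therefore not surface this 9.8 entry; matching on the CVE id or the `backupbliss:backup_migration` CPE is the dependable route.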
@@ -34,34 +58,85 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.7", + "matchCriteriaId": "58EBC3ED-E8A3-444C-ABF0-66A28658B0C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve", - "source": 
"security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6817.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6817.json index f752f1b6dc9..bb98beb3f0a 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6817.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6817.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6817", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-12-18T15:15:10.210", - "lastModified": "2023-12-18T17:24:19.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:32:50.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de use after free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La funci\u00f3n nft_pipapo_walk no omiti\u00f3 elementos inactivos durante el recorrido establecido, lo que podr\u00eda provocar desactivaciones dobles de elementos PIPAPO (Pol\u00edticas de paquetes de pila), lo que llevar\u00eda a un use-after-free. Recomendamos actualizar despu\u00e9s del commit 317eb9685095678f2c9f5a8189de698c5354316a." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,14 +80,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.6", + "versionEndExcluding": "5.10.204", + "matchCriteriaId": "BC30ED73-012F-4A4F-8B31-553F3A6D05BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.143", + "matchCriteriaId": "B9718AD7-A70A-4A63-90EE-B47010C352E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.68", + "matchCriteriaId": "D73554E0-C1EE-48CC-9FDB-4B66000FEB58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.7", + "matchCriteriaId": "38CB764D-606E-4695-8437-DD35E0B1A6FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", + "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", + "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", + "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": 
"https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json index 862694501a8..09a761416a8 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6839", "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "published": "2023-12-15T11:15:48.003", - "lastModified": "2023-12-15T13:41:51.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:16:21.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.\n\n" + }, + { + "lang": "es", + "value": "Debido a un manejo inadecuado de errores, un recurso de API REST podr\u00eda exponer un error del lado del servidor que contenga un nombre de paquete interno espec\u00edfico de WSO2 en la respuesta HTTP." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary", @@ -46,10 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8FF14774-8935-4FC9-B5C8-9771B3D6EBFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1344FB79-0796-445C-A8F3-C03E995925D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E21D7ABF-C328-425D-B914-618C7628220B" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/", - "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8" + "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6894.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6894.json index e667e910a6f..65f7de5bdf7 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6894.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6894.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6894", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T08:15:06.833", - "lastModified": "2023-12-19T09:15:37.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T19:29:58.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Ha sido clasificada como problem\u00e1tica. Una parte desconocida del archivo access/html/system.html del componente Log File Handler afecta a una parte desconocida. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248253. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
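Review bot: The `es` description added in the first hunk of this file (`@@ -2,16 +2,40 @@`) is not a translation of the `en` value beside it. It drops the two sentences about upgrading to version 4.1.0 and ends with a "NOTA" saying the vendor did not respond, which the English text does not state. One sentence is also garbled ("Una parte desconocida del archivo … afecta a una parte desconocida"). Readers or tooling that take the `es` entry at face value lose the remediation guidance, so the translation should be regenerated from the current `en` value, and the `en` text should be treated as authoritative until then.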
@@ -71,18 +105,200 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.3", + "versionEndExcluding": "4.1.0", + "matchCriteriaId": "39CE5FB3-D552-4149-A2B8-4D6EA9B02E2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-bk:-:*:*:*:*:*:*:*", + "matchCriteriaId": "958036E7-556B-4211-91F2-B03FD7B9BD48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-dis:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E42EB382-C853-405D-B3D6-777CA0750270" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C12AC351-A6DB-4F58-899A-FE625DA97219" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-in:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51038A2A-4C52-4029-8ECB-B33018681439" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-info:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F62F9A95-A31C-4047-81D2-0CD30449A71A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kk:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00241160-697B-4177-97AE-9B98EBF962A8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kk\\/s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E47560E1-FC85-44C0-8804-5426062ADBB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "187E6DA2-2909-489A-86B6-AEF22B5E81D3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-kp\\/s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "653905C8-EED2-4EF6-A19C-740D93AD2C59" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd-m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C9CEE9CB-03CD-4220-9B89-1C5C8A9FE1B0" 
+ }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd3003-e6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "42374DAF-62B0-41FF-91D2-E8410BCE6B69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF0DE650-B929-4F05-B2D1-CE59ADBF05A4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/flush:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5640AA88-730E-43FB-88D2-F3D65396DE15" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/ns:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF2F30EE-469B-42E5-9570-6D26C37460A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "96F5783F-87ED-4AAE-801B-27D287991A7B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/surface:-:*:*:*:*:*:*:*", + "matchCriteriaId": "926B6EE1-7CF4-4A99-9C6F-7DDC26C9A702" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6220-le1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "547F6609-4304-4CB8-A07A-2C3D2E7241E8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-le1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4DAC9C0-6A97-4AA2-9FBE-58E5E1D11666" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-tde1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3BC79E9F-0971-46B0-B0AB-062AB4653345" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-te1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BD7D924-84B8-4253-995C-A1E74B3C329C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-wtde1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF4C1CB8-96D8-4E28-B85A-29D05BE4C272" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6320-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97264003-9B83-444C-ADEF-5F0E61C96618" + }, + { + "vulnerable": 
false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6350-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9562CB3D-9491-407C-9A59-0F0C48D724BA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6351-te1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA19A366-0EE7-45D2-A3B2-4EE397FBA95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh6351-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B61ABFF8-5AD3-4367-AA3E-E36DCD93ABE6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh63le1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "7B1FDC90-73BA-4691-B942-AE30CA342C9A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh8520-wte1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97280A4A-0EFE-418C-9E94-92239E463163" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh9310-wte1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3244947-9255-48E0-9491-CD2DFBF21943" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-kh9510-wte1\\(b\\):-:*:*:*:*:*:*:*", + "matchCriteriaId": "62E1B212-E667-4FC0-AF02-116F58D917F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/willchen0011/cve/blob/main/unaccess.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248253", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248253", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6903.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6903.json index cc79bed72ca..8efa92c6dbf 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6903.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6903.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6903", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T23:15:44.167", - "lastModified": "2023-12-19T09:15:37.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:18:03.200", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netentsec:application_security_gateway:6.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "7DBF2214-4A3F-41CA-98E3-E1E98720F4EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/willchen0011/cve/blob/main/NS-ASG-sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.248265", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248265", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6904.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6904.json index 5cf05b77cd8..864992ef9dd 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6904.json 
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6904.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6904", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-17T23:15:44.397", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:10:56.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Jahastech NxFilter 4.3.2.5 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /config,admin.jsp. La manipulaci\u00f3n del argumento admin_name conduce a Cross-Site Request Forgery. El ataque se puede iniciar de forma remota. VDB-248266 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,14 +95,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nxfilter:nxfilter:4.3.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "398BEE30-6A58-498C-84C1-1D8528615153" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.248266", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248266", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6905.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6905.json index 3f44ab19586..de380d4c93a 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6905.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6905.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6905", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-18T00:15:11.327", - "lastModified": "2023-12-18T14:05:22.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-21T20:07:00.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Jahastech NxFilter 4.3.2.5 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo user,adap.jsp?actionFlag=test&id=1 del componente Bind Request Handler. La manipulaci\u00f3n conduce a la inyecci\u00f3n de ldap. El ataque puede iniciarse de forma remota. El identificador asociado de esta vulnerabilidad es VDB-248267. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,14 +95,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nxfilter:nxfilter:4.3.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "398BEE30-6A58-498C-84C1-1D8528615153" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.248267", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248267", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json new file mode 100644 index 00000000000..b9f81d7c06a --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7039", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-21T19:15:13.170", + "lastModified": "2023-12-21T19:15:13.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/Stitch3612/cve/blob/main/rce.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248688", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248688", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json new file mode 100644 index 00000000000..1fc6345fd48 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7040.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7040", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-21T20:15:08.553", + "lastModified": "2023-12-21T20:15:08.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-24" + } + ] + } 
+ ], + "references": [ + { + "url": "https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20read.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248689", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248689", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json new file mode 100644 index 00000000000..7c22dfc6ed4 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7041.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7041", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-21T20:15:08.903", + "lastModified": "2023-12-21T20:15:08.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 4.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-24" + } 
+ ] + } + ], + "references": [ + { + "url": "https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20overwrite.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248690", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248690", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json new file mode 100644 index 00000000000..2a6ff072c49 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7042.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-7042", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-21T20:15:09.267", + "lastModified": "2023-12-21T20:15:09.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-7042", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255497", + "source": "secalert@redhat.com" + }, + { + "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a5c7ac5af96..c5b206e1e3f 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-21T19:00:24.531153+00:00 +2023-12-21T21:00:24.563922+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-21T18:57:33.513000+00:00 +2023-12-21T20:58:23.043000+00:00 ``` ### Last Data Feed Release 
@@ -29,56 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233989 +234007 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` - -* [CVE-2023-40058](CVE-2023/CVE-2023-400xx/CVE-2023-40058.json) (`2023-12-21T17:15:07.763`) -* [CVE-2023-45120](CVE-2023/CVE-2023-451xx/CVE-2023-45120.json) (`2023-12-21T17:15:08.153`) -* [CVE-2023-45121](CVE-2023/CVE-2023-451xx/CVE-2023-45121.json) (`2023-12-21T17:15:08.440`) -* [CVE-2023-45122](CVE-2023/CVE-2023-451xx/CVE-2023-45122.json) (`2023-12-21T17:15:08.723`) -* [CVE-2023-45123](CVE-2023/CVE-2023-451xx/CVE-2023-45123.json) (`2023-12-21T17:15:09.007`) -* [CVE-2023-7037](CVE-2023/CVE-2023-70xx/CVE-2023-7037.json) (`2023-12-21T17:15:09.383`) -* [CVE-2023-50829](CVE-2023/CVE-2023-508xx/CVE-2023-50829.json) (`2023-12-21T18:15:07.477`) -* [CVE-2023-50830](CVE-2023/CVE-2023-508xx/CVE-2023-50830.json) (`2023-12-21T18:15:07.797`) -* [CVE-2023-50831](CVE-2023/CVE-2023-508xx/CVE-2023-50831.json) (`2023-12-21T18:15:08.050`) -* [CVE-2023-50832](CVE-2023/CVE-2023-508xx/CVE-2023-50832.json) (`2023-12-21T18:15:08.277`) -* [CVE-2023-50833](CVE-2023/CVE-2023-508xx/CVE-2023-50833.json) (`2023-12-21T18:15:08.567`) -* [CVE-2023-7038](CVE-2023/CVE-2023-70xx/CVE-2023-7038.json) (`2023-12-21T18:15:08.827`) +Recently added CVEs: `18` + +* [CVE-2023-32747](CVE-2023/CVE-2023-327xx/CVE-2023-32747.json) (`2023-12-21T19:15:08.160`) +* [CVE-2023-32799](CVE-2023/CVE-2023-327xx/CVE-2023-32799.json) (`2023-12-21T19:15:08.520`) +* [CVE-2023-44481](CVE-2023/CVE-2023-444xx/CVE-2023-44481.json) (`2023-12-21T19:15:08.820`) +* [CVE-2023-44482](CVE-2023/CVE-2023-444xx/CVE-2023-44482.json) (`2023-12-21T19:15:09.157`) +* [CVE-2023-45124](CVE-2023/CVE-2023-451xx/CVE-2023-45124.json) (`2023-12-21T19:15:09.657`) +* [CVE-2023-45125](CVE-2023/CVE-2023-451xx/CVE-2023-45125.json) (`2023-12-21T19:15:10.263`) +* [CVE-2023-45126](CVE-2023/CVE-2023-451xx/CVE-2023-45126.json) 
(`2023-12-21T19:15:10.900`) +* [CVE-2023-45127](CVE-2023/CVE-2023-451xx/CVE-2023-45127.json) (`2023-12-21T19:15:11.357`) +* [CVE-2023-47191](CVE-2023/CVE-2023-471xx/CVE-2023-47191.json) (`2023-12-21T19:15:11.767`) +* [CVE-2023-49765](CVE-2023/CVE-2023-497xx/CVE-2023-49765.json) (`2023-12-21T19:15:12.173`) +* [CVE-2023-50834](CVE-2023/CVE-2023-508xx/CVE-2023-50834.json) (`2023-12-21T19:15:12.670`) +* [CVE-2023-7039](CVE-2023/CVE-2023-70xx/CVE-2023-7039.json) (`2023-12-21T19:15:13.170`) +* [CVE-2023-46791](CVE-2023/CVE-2023-467xx/CVE-2023-46791.json) (`2023-12-21T20:15:07.547`) +* [CVE-2023-50732](CVE-2023/CVE-2023-507xx/CVE-2023-50732.json) (`2023-12-21T20:15:07.900`) +* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2023-12-21T20:15:08.260`) +* [CVE-2023-7040](CVE-2023/CVE-2023-70xx/CVE-2023-7040.json) (`2023-12-21T20:15:08.553`) +* [CVE-2023-7041](CVE-2023/CVE-2023-70xx/CVE-2023-7041.json) (`2023-12-21T20:15:08.903`) +* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2023-12-21T20:15:09.267`) ### CVEs modified in the last Commit -Recently modified CVEs: `80` - -* [CVE-2023-50824](CVE-2023/CVE-2023-508xx/CVE-2023-50824.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-50825](CVE-2023/CVE-2023-508xx/CVE-2023-50825.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-50826](CVE-2023/CVE-2023-508xx/CVE-2023-50826.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-50827](CVE-2023/CVE-2023-508xx/CVE-2023-50827.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-50828](CVE-2023/CVE-2023-508xx/CVE-2023-50828.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-51442](CVE-2023/CVE-2023-514xx/CVE-2023-51442.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-7035](CVE-2023/CVE-2023-70xx/CVE-2023-7035.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-7047](CVE-2023/CVE-2023-70xx/CVE-2023-7047.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-45115](CVE-2023/CVE-2023-451xx/CVE-2023-45115.json) (`2023-12-21T18:15:38.237`) -* 
[CVE-2023-45116](CVE-2023/CVE-2023-451xx/CVE-2023-45116.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-45117](CVE-2023/CVE-2023-451xx/CVE-2023-45117.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-45118](CVE-2023/CVE-2023-451xx/CVE-2023-45118.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-45119](CVE-2023/CVE-2023-451xx/CVE-2023-45119.json) (`2023-12-21T18:15:38.237`) -* [CVE-2023-28421](CVE-2023/CVE-2023-284xx/CVE-2023-28421.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-2487](CVE-2023/CVE-2023-24xx/CVE-2023-2487.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-48288](CVE-2023/CVE-2023-482xx/CVE-2023-48288.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-49162](CVE-2023/CVE-2023-491xx/CVE-2023-49162.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-6122](CVE-2023/CVE-2023-61xx/CVE-2023-6122.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-6145](CVE-2023/CVE-2023-61xx/CVE-2023-6145.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-22674](CVE-2023/CVE-2023-226xx/CVE-2023-22674.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-47525](CVE-2023/CVE-2023-475xx/CVE-2023-47525.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-47527](CVE-2023/CVE-2023-475xx/CVE-2023-47527.json) (`2023-12-21T18:15:45.660`) -* [CVE-2023-6902](CVE-2023/CVE-2023-69xx/CVE-2023-6902.json) (`2023-12-21T18:39:09.373`) -* [CVE-2023-4724](CVE-2023/CVE-2023-47xx/CVE-2023-4724.json) (`2023-12-21T18:41:59.457`) -* [CVE-2023-33214](CVE-2023/CVE-2023-332xx/CVE-2023-33214.json) (`2023-12-21T18:57:33.513`) +Recently modified CVEs: `33` + +* [CVE-2023-4311](CVE-2023/CVE-2023-43xx/CVE-2023-4311.json) (`2023-12-21T19:19:14.283`) +* [CVE-2023-33217](CVE-2023/CVE-2023-332xx/CVE-2023-33217.json) (`2023-12-21T19:24:40.917`) +* [CVE-2023-6553](CVE-2023/CVE-2023-65xx/CVE-2023-6553.json) (`2023-12-21T19:24:54.533`) +* [CVE-2023-33220](CVE-2023/CVE-2023-332xx/CVE-2023-33220.json) (`2023-12-21T19:25:03.250`) +* [CVE-2023-33221](CVE-2023/CVE-2023-332xx/CVE-2023-33221.json) (`2023-12-21T19:25:12.393`) +* 
[CVE-2023-5005](CVE-2023/CVE-2023-50xx/CVE-2023-5005.json) (`2023-12-21T19:25:31.277`) +* [CVE-2023-6222](CVE-2023/CVE-2023-62xx/CVE-2023-6222.json) (`2023-12-21T19:28:10.553`) +* [CVE-2023-6894](CVE-2023/CVE-2023-68xx/CVE-2023-6894.json) (`2023-12-21T19:29:58.587`) +* [CVE-2023-6203](CVE-2023/CVE-2023-62xx/CVE-2023-6203.json) (`2023-12-21T19:31:59.690`) +* [CVE-2023-6077](CVE-2023/CVE-2023-60xx/CVE-2023-6077.json) (`2023-12-21T19:35:11.607`) +* [CVE-2023-5886](CVE-2023/CVE-2023-58xx/CVE-2023-5886.json) (`2023-12-21T19:46:09.797`) +* [CVE-2023-5348](CVE-2023/CVE-2023-53xx/CVE-2023-5348.json) (`2023-12-21T19:48:38.117`) +* [CVE-2023-5882](CVE-2023/CVE-2023-58xx/CVE-2023-5882.json) (`2023-12-21T19:50:45.183`) +* [CVE-2023-6065](CVE-2023/CVE-2023-60xx/CVE-2023-6065.json) (`2023-12-21T19:51:08.273`) +* [CVE-2023-30867](CVE-2023/CVE-2023-308xx/CVE-2023-30867.json) (`2023-12-21T19:58:39.513`) +* [CVE-2023-3907](CVE-2023/CVE-2023-39xx/CVE-2023-3907.json) (`2023-12-21T20:02:05.927`) +* [CVE-2023-6905](CVE-2023/CVE-2023-69xx/CVE-2023-6905.json) (`2023-12-21T20:07:00.727`) +* [CVE-2023-6904](CVE-2023/CVE-2023-69xx/CVE-2023-6904.json) (`2023-12-21T20:10:56.897`) +* [CVE-2023-22508](CVE-2023/CVE-2023-225xx/CVE-2023-22508.json) (`2023-12-21T20:11:44.330`) +* [CVE-2023-50271](CVE-2023/CVE-2023-502xx/CVE-2023-50271.json) (`2023-12-21T20:14:31.063`) +* [CVE-2023-6903](CVE-2023/CVE-2023-69xx/CVE-2023-6903.json) (`2023-12-21T20:18:03.200`) +* [CVE-2023-49155](CVE-2023/CVE-2023-491xx/CVE-2023-49155.json) (`2023-12-21T20:28:51.350`) +* [CVE-2023-6817](CVE-2023/CVE-2023-68xx/CVE-2023-6817.json) (`2023-12-21T20:32:50.380`) +* [CVE-2023-6289](CVE-2023/CVE-2023-62xx/CVE-2023-6289.json) (`2023-12-21T20:55:29.640`) +* [CVE-2023-6295](CVE-2023/CVE-2023-62xx/CVE-2023-6295.json) (`2023-12-21T20:58:23.043`) ## Download and Usage