From 6f35bba637dc25b39ca373f89c8ed9bede74b3a3 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Tue, 2 Jan 2024 21:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-02T21:00:25.062653+00:00
---
 CVE-2015/CVE-2015-101xx/CVE-2015-10128.json | 4 +-
 CVE-2017/CVE-2017-201xx/CVE-2017-20188.json | 4 +-
 CVE-2018/CVE-2018-250xx/CVE-2018-25097.json | 4 +-
 CVE-2021/CVE-2021-420xx/CVE-2021-42083.json | 6 +-
 CVE-2022/CVE-2022-05xx/CVE-2022-0564.json | 8 +-
 CVE-2022/CVE-2022-24xx/CVE-2022-2421.json | 8 +-
 CVE-2022/CVE-2022-24xx/CVE-2022-2422.json | 8 +-
 CVE-2022/CVE-2022-251xx/CVE-2022-25153.json | 8 +-
 CVE-2022/CVE-2022-298xx/CVE-2022-29822.json | 8 +-
 CVE-2022/CVE-2022-298xx/CVE-2022-29823.json | 8 +-
 CVE-2022/CVE-2022-30xx/CVE-2022-3010.json | 63 ++++++++++++
 CVE-2022/CVE-2022-393xx/CVE-2022-39337.json | 68 +++++++++++--
 CVE-2022/CVE-2022-450xx/CVE-2022-45052.json | 8 +-
 CVE-2022/CVE-2022-475xx/CVE-2022-47532.json | 64 +++++++++++-
 CVE-2023/CVE-2023-403xx/CVE-2023-40338.json | 16 +--
 CVE-2023/CVE-2023-42xx/CVE-2023-4280.json | 4 +-
 CVE-2023/CVE-2023-437xx/CVE-2023-43737.json | 82 +---------------
 CVE-2023/CVE-2023-437xx/CVE-2023-43738.json | 82 +---------------
 CVE-2023/CVE-2023-441xx/CVE-2023-44162.json | 82 +---------------
 CVE-2023/CVE-2023-442xx/CVE-2023-44268.json | 83 +---------------
 CVE-2023/CVE-2023-443xx/CVE-2023-44375.json | 82 +---------------
 CVE-2023/CVE-2023-443xx/CVE-2023-44376.json | 92 +-----------------
 CVE-2023/CVE-2023-443xx/CVE-2023-44377.json | 82 +---------------
 CVE-2023/CVE-2023-450xx/CVE-2023-45013.json | 82 +---------------
 CVE-2023/CVE-2023-450xx/CVE-2023-45014.json | 82 +---------------
 CVE-2023/CVE-2023-450xx/CVE-2023-45016.json | 82 +---------------
 CVE-2023/CVE-2023-450xx/CVE-2023-45017.json | 82 +---------------
 CVE-2023/CVE-2023-451xx/CVE-2023-45112.json | 82 +---------------
 CVE-2023/CVE-2023-451xx/CVE-2023-45113.json | 82 +---------------
 CVE-2023/CVE-2023-451xx/CVE-2023-45114.json | 102 +-------------------
 CVE-2023/CVE-2023-466xx/CVE-2023-46676.json | 82 +---------------
CVE-2023/CVE-2023-466xx/CVE-2023-46678.json | 82 +---------------
 CVE-2023/CVE-2023-466xx/CVE-2023-46680.json | 102 +-------------------
 CVE-2023/CVE-2023-472xx/CVE-2023-47215.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-484xx/CVE-2023-48419.json | 55 +++++++++++
 CVE-2023/CVE-2023-486xx/CVE-2023-48670.json | 60 +++++++++++-
 CVE-2023/CVE-2023-487xx/CVE-2023-48704.json | 96 +++++++++++++++++-
 CVE-2023/CVE-2023-491xx/CVE-2023-49119.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-495xx/CVE-2023-49598.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-496xx/CVE-2023-49678.json | 102 +-------------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49679.json | 102 +-------------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49680.json | 82 +---------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49682.json | 82 +---------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49683.json | 92 +-----------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49684.json | 82 +---------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49685.json | 82 +---------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49686.json | 82 +---------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49687.json | 82 +---------------
 CVE-2023/CVE-2023-496xx/CVE-2023-49690.json | 102 +-------------------
 CVE-2023/CVE-2023-497xx/CVE-2023-49779.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-497xx/CVE-2023-49794.json | 59 +++++++++++
 CVE-2023/CVE-2023-498xx/CVE-2023-49807.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-501xx/CVE-2023-50175.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-502xx/CVE-2023-50294.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-503xx/CVE-2023-50339.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-507xx/CVE-2023-50711.json | 59 +++++++++++
 CVE-2023/CVE-2023-508xx/CVE-2023-50822.json | 51 +++++++++-
 CVE-2023/CVE-2023-516xx/CVE-2023-51652.json | 63 ++++++++++++
 CVE-2023/CVE-2023-52xx/CVE-2023-5203.json | 68 ++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5980.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-59xx/CVE-2023-5991.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-61xx/CVE-2023-6155.json | 69 ++++++++++++-
CVE-2023/CVE-2023-61xx/CVE-2023-6166.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-62xx/CVE-2023-6250.json | 69 ++++++++++++-
 CVE-2023/CVE-2023-67xx/CVE-2023-6752.json | 15 +++
 CVE-2023/CVE-2023-70xx/CVE-2023-7076.json | 66 +++++++++++--
 CVE-2023/CVE-2023-71xx/CVE-2023-7192.json | 63 ++++++++++++
 CVE-2024/CVE-2024-01xx/CVE-2024-0188.json | 4 +-
 CVE-2024/CVE-2024-01xx/CVE-2024-0189.json | 4 +-
 CVE-2024/CVE-2024-01xx/CVE-2024-0190.json | 88 +++++++++++++++++
 CVE-2024/CVE-2024-01xx/CVE-2024-0191.json | 88 +++++++++++++++++
 CVE-2024/CVE-2024-01xx/CVE-2024-0192.json | 88 +++++++++++++++++
 CVE-2024/CVE-2024-01xx/CVE-2024-0193.json | 4 +-
 README.md | 63 +++++++-----
 74 files changed, 2149 insertions(+), 2366 deletions(-)
 create mode 100644 CVE-2022/CVE-2022-30xx/CVE-2022-3010.json
 create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48419.json
 create mode 100644 CVE-2023/CVE-2023-497xx/CVE-2023-49794.json
 create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50711.json
 create mode 100644 CVE-2023/CVE-2023-516xx/CVE-2023-51652.json
 create mode 100644 CVE-2023/CVE-2023-67xx/CVE-2023-6752.json
 create mode 100644 CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
 create mode 100644 CVE-2024/CVE-2024-01xx/CVE-2024-0190.json
 create mode 100644 CVE-2024/CVE-2024-01xx/CVE-2024-0191.json
 create mode 100644 CVE-2024/CVE-2024-01xx/CVE-2024-0192.json
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json
index f886615c197..54cdc043e49 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json
@@ -2,8 +2,8 @@
 "id": "CVE-2015-10128",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-02T14:15:07.810",
- "lastModified": "2024-01-02T14:15:07.810",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T19:36:26.333",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20188.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20188.json
index 79910574640..0db8bc9a9ba 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20188.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20188.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-20188",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-02T15:15:08.377",
- "lastModified": "2024-01-02T15:15:08.377",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T19:36:26.333",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25097.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25097.json
index c969edc0530..96535fdd971 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25097.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25097.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-25097",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-02T16:15:11.100",
- "lastModified": "2024-01-02T16:15:11.100",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T19:36:26.333",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2021/CVE-2021-420xx/CVE-2021-42083.json b/CVE-2021/CVE-2021-420xx/CVE-2021-42083.json
index 728333ed18d..68659774eed 100644
--- a/CVE-2021/CVE-2021-420xx/CVE-2021-42083.json
+++ b/CVE-2021/CVE-2021-420xx/CVE-2021-42083.json
@@ -2,12 +2,12 @@
 "id": "CVE-2021-42083",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2023-07-10T16:15:47.690",
- "lastModified": "2023-07-13T23:11:28.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T19:15:09.030",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack.\u00a0"
+ "value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-05xx/CVE-2022-0564.json b/CVE-2022/CVE-2022-05xx/CVE-2022-0564.json
index 8bf585ab4b2..22d115f2666 100644
--- a/CVE-2022/CVE-2022-05xx/CVE-2022-0564.json
+++ b/CVE-2022/CVE-2022-05xx/CVE-2022-0564.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-0564",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2022-02-21T18:15:08.873",
- "lastModified": "2023-11-07T03:41:23.860",
+ "lastModified": "2024-01-02T19:15:09.177",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.\n\n"
+ "value": "A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured."
 },
 {
 "lang": "es",
@@ -37,7 +37,7 @@
 "impactScore": 1.4
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -95,7 +95,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2421.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2421.json
index e31311bc643..328914b1923 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2421.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2421.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-2421",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2022-10-26T10:15:16.780",
- "lastModified": "2023-11-07T03:46:34.367",
+ "lastModified": "2024-01-02T19:15:09.597",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.\n\n"
+ "value": "Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object."
 },
 {
 "lang": "es",
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2422.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2422.json
index aecf211e77b..9485a6d48f5 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2422.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2422.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-2422",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2022-10-26T10:15:16.993",
- "lastModified": "2023-11-07T03:46:34.453",
+ "lastModified": "2024-01-02T19:15:09.690",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.\n\n"
+ "value": "Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used."
 },
 {
 "lang": "es",
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25153.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25153.json
index 7dabdad6ddc..e4c3d5e6eb9 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25153.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25153.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-25153",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2022-06-09T17:15:08.903",
- "lastModified": "2023-11-07T03:44:44.287",
+ "lastModified": "2024-01-02T19:15:09.293",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.\n\n"
+ "value": "The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup."
 },
 {
 "lang": "es",
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -95,7 +95,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-298xx/CVE-2022-29822.json b/CVE-2022/CVE-2022-298xx/CVE-2022-29822.json
index d7dba64285f..4eade69fb3b 100644
--- a/CVE-2022/CVE-2022-298xx/CVE-2022-29822.json
+++ b/CVE-2022/CVE-2022-298xx/CVE-2022-29822.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-29822",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2022-10-26T10:15:10.217",
- "lastModified": "2023-11-07T03:46:05.720",
+ "lastModified": "2024-01-02T19:15:09.407",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection\n\n"
+ "value": "Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection"
 },
 {
 "lang": "es",
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-298xx/CVE-2022-29823.json b/CVE-2022/CVE-2022-298xx/CVE-2022-29823.json
index 9e806aa1dbe..e3621d13946 100644
--- a/CVE-2022/CVE-2022-298xx/CVE-2022-29823.json
+++ b/CVE-2022/CVE-2022-298xx/CVE-2022-29823.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-29823",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2022-10-26T10:15:16.190",
- "lastModified": "2023-11-07T03:46:05.793",
+ "lastModified": "2024-01-02T19:15:09.513",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application.\n\n"
+ "value": "Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application."
 },
 {
 "lang": "es",
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3010.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3010.json
new file mode 100644
index 00000000000..31ae20f3866
--- /dev/null
+++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3010.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2022-3010",
+ "sourceIdentifier": "csirt@divd.nl",
+ "published": "2024-01-02T19:15:09.783",
+ "lastModified": "2024-01-02T19:36:26.333",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Priva TopControl Suite contains\u00a0predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "csirt@divd.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "csirt@divd.nl",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1391"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://csirt.divd.nl/CVE-2022-3010",
+ "source": "csirt@divd.nl"
+ },
+ {
+ "url": "https://csirt.divd.nl/DIVD-2022-00035",
+ "source": "csirt@divd.nl"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01",
+ "source": "csirt@divd.nl"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39337.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39337.json
index d398cea1e99..03e265973f8 100644
--- a/CVE-2022/CVE-2022-393xx/CVE-2022-39337.json
+++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39337.json
@@ -2,16 +2,40 @@
 "id": "CVE-2022-39337",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-22T15:15:07.810",
- "lastModified": "2023-12-22T20:32:41.017",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T20:27:42.740",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto con monitoreo personalizado, cl\u00faster de alto rendimiento, similar a Prometheus y sin agentes. Las versiones 1.20 y anteriores de Hertzbeat tienen una vulnerabilidad de omisi\u00f3n de permisos. La autenticaci\u00f3n del sistema se puede omitir e invocar interfaces sin autorizaci\u00f3n. La versi\u00f3n 1.2.1 contiene un parche para este problema."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,22 +74,54 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.2.1",
+ "matchCriteriaId": "F5CD6894-0209-4517-8CB3-C7BF223661DC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/dromara/hertzbeat/issues/377",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 },
 {
 "url": "https://github.com/dromara/hertzbeat/pull/382",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45052.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45052.json
index e694e9fd843..6644937d77b 100644
--- a/CVE-2022/CVE-2022-450xx/CVE-2022-45052.json
+++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45052.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-45052",
 "sourceIdentifier": "csirt@divd.nl",
 "published": "2023-01-04T19:15:09.447",
- "lastModified": "2023-11-07T03:54:29.863",
+ "lastModified": "2024-01-02T19:15:10.030",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.\u00a0\n"
+ "value": "A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server."
 }
 ],
 "metrics": {
@@ -33,7 +33,7 @@
 "impactScore": 3.6
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -66,7 +66,7 @@
 ]
 },
 {
- "source": "b87402ff-ae37-4194-9dae-31abdbd6f217",
+ "source": "csirt@divd.nl",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json
index 6b035ef0aa8..40dfe628293 100644
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47532.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-47532",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-22T04:15:08.610",
- "lastModified": "2023-12-22T12:18:32.690",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T20:38:35.877",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "FileRun 20220519 permite la inyecci\u00f3n de SQL a trav\u00e9s del par\u00e1metro \"dir\" en una solicitud /?module=users&section=cpanel&page=list."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:filerun:filerun:20220519:*:*:*:*:*:*:*",
+ "matchCriteriaId": "198E8C14-A782-41F0-9C1E-80A0988D45F9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://herolab.usd.de/security-advisories/usd-2022-0064/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json
index dba289256fa..1a991a6c897 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-40338",
 "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
 "published": "2023-08-16T15:15:11.483",
- "lastModified": "2023-08-22T18:50:18.217",
+ "lastModified": "2024-01-02T19:53:57.583",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -17,20 +17,20 @@
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
+ "confidentialityImpact": "LOW",
 "integrityImpact": "NONE",
 "availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 },
- "exploitabilityScore": 3.9,
- "impactScore": 3.6
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json
index e211110e16a..47860580783 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4280",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2024-01-02T17:15:09.520",
- "lastModified": "2024-01-02T17:15:09.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T19:36:26.333",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json
index d4c1f63908f..731f35e1ae9 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-43737",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-10-26T23:15:09.310",
- "lastModified": "2023-11-03T19:43:30.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T19:15:10.140",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'fnm' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/ono",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json
index b910eaf321a..77f4e3d447d 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-43738",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-10-27T03:15:07.960",
- "lastModified": "2023-11-03T19:53:08.763",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T19:15:10.233",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'email' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/ono",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Broken Link"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json
index 6b147a63bbe..e437df63324 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json
@@ -2,86 +2,14 @@ "id": "CVE-2023-44162", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T03:15:08.040", - "lastModified": "2023-11-03T19:46:03.623", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.327", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'contact' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Broken Link" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json index bcdb4c3df8e..578fe64a83b 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json 
@@ -2,87 +2,14 @@ "id": "CVE-2023-44268", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-26T23:15:09.387", - "lastModified": "2023-11-03T19:43:10.423", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.403", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'gender' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Broken Link", - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json index 785cc6d5c80..b8a34fcfadd 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-44375", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T03:15:08.120", - "lastModified": "2023-11-03T19:45:39.960", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.480", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'add1' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Broken Link" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json index 125101044a3..b49a8019249 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json 
@@ -2,96 +2,14 @@ "id": "CVE-2023-44376", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T13:15:08.207", - "lastModified": "2023-11-03T21:37:56.017", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.550", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Art Gallery v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'add2' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Broken Link" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json index 3c895e61721..8a33f681126 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-44377", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-10-27T13:15:08.300", - "lastModified": "2023-11-03T21:36:19.217", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.630", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Art Gallery v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'add3' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3373A0D4-63FD-4709-95EC-F89D9B37CD84" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ono", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Broken Link" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45013.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45013.json index b2209177e34..bf35b6f29ae 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45013.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45013.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45013", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T03:15:09.580", - "lastModified": "2023-11-08T23:13:34.403", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.703", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_query' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Bus Booking System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'user_query' del recurso bus_info.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "28188AA0-A5E7-426D-B434-1E49A1EC9D3D" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/oconnor", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45014.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45014.json index 541be5b1dfe..638cc51ddb9 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45014.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45014.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45014", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T03:15:09.663", - "lastModified": "2023-11-08T23:13:25.223", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.787", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bus_id' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Bus Booking System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'bus_id' del recurso bus_info.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "28188AA0-A5E7-426D-B434-1E49A1EC9D3D" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/oconnor", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45016.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45016.json index ec7de154e5b..1c683738ebe 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45016.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45016.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45016", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T03:15:09.830", - "lastModified": "2023-11-08T23:13:05.930", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.857", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'source' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Bus Booking System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'source' del recurso search.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "28188AA0-A5E7-426D-B434-1E49A1EC9D3D" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/oconnor", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45017.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45017.json index fb325648673..fa2782bb738 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45017.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45017.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45017", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T03:15:09.913", - "lastModified": "2023-11-08T23:12:55.407", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T19:15:10.937", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'destination' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Bus Booking System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'destination' del recurso search.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_bus_booking_system_project:online_bus_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "28188AA0-A5E7-426D-B434-1E49A1EC9D3D" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/oconnor", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45112.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45112.json index f5447fa2a18..a3d19e1e3d7 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45112.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45112.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45112", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T02:15:08.447", - "lastModified": "2023-11-08T23:14:28.533", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.040", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'feedback' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'feedback' del recurso feed.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_examination_system_project:online_examination_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "FA375579-A042-4391-93E9-033D965AE767" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pires", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45113.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45113.json index a45ab45b0d2..2b6bddf34c3 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45113.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45113.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45113", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T02:15:08.533", - "lastModified": "2023-11-08T23:14:20.367", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.137", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'name' del recurso feed.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_examination_system_project:online_examination_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "FA375579-A042-4391-93E9-033D965AE767" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pires", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45114.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45114.json index 9849240b3b5..d8e786be94e 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45114.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45114.json 
@@ -2,106 +2,14 @@ "id": "CVE-2023-45114", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T02:15:08.623", - "lastModified": "2023-11-08T23:13:57.230", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.217", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'subject' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'subject' del recurso feed.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": 
"Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:online_examination_system_project:online_examination_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "FA375579-A042-4391-93E9-033D965AE767" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pires", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46676.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46676.json index 710a6a0a268..0ae5911a2a9 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46676.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46676.json 
@@ -2,86 +2,14 @@
 "id": "CVE-2023-46676",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-07T21:15:09.630",
- "lastModified": "2023-11-13T17:57:13.307",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T19:15:11.017",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'filename' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'filename' del recurso sign-up.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_job_portal:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "B22E69CD-056A-4C41-B3FC-7047D31465E8"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/netrebko",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46678.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46678.json
index 85fe9fb7362..00790ff25ab 100644
--- a/CVE-2023/CVE-2023-466xx/CVE-2023-46678.json
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46678.json
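Review bot: The rejected record no longer carries the `weaknesses` and `configurations` keys at all, while `metrics` and `references` stay behind as empty containers (`"metrics": {}`, `"references": []`), so a consumer that indexes all four keys unconditionally sees two different shapes of "nothing". Ingest code should branch on `"vulnStatus": "Rejected"` before reading any other field, and drop the 9.8/CRITICAL score and CPE match it cached from the earlier "Analyzed" revision instead of leaving them attached to the ID. The replacement description is generic, so the actual reason for the withdrawal is not recoverable from this file. The same shape is produced by the CVE-2023-45114, CVE-2023-46678, CVE-2023-46680, CVE-2023-49678, CVE-2023-49679 and CVE-2023-49680 hunks.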
@@ -2,86 +2,14 @@
 "id": "CVE-2023-46678",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-07T21:15:10.923",
- "lastModified": "2023-11-13T17:57:00.177",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T19:15:11.110",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_upass' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'txt_upass' del recurso sign-up.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_job_portal:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "B22E69CD-056A-4C41-B3FC-7047D31465E8"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/netrebko",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46680.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46680.json
index 827c6126e77..8d04c575a8c 100644
--- a/CVE-2023/CVE-2023-466xx/CVE-2023-46680.json
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46680.json
@@ -2,106 +2,14 @@
 "id": "CVE-2023-46680",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-07T21:15:11.947",
- "lastModified": "2023-11-13T17:54:40.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T19:15:11.197",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_password' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'txt_password' del recurso index.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- },
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_job_portal:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "B22E69CD-056A-4C41-B3FC-7047D31465E8"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/netrebko",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47215.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47215.json
index 08e89d60da5..584377800ad 100644
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47215.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47215.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47215",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-12-26T08:15:10.643",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T19:54:38.503",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "La vulnerabilidad de cross-site scripting almacenado que explota un comportamiento del filtro XSS existe en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del us"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.0",
+ "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN18715935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48419.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48419.json
new file mode 100644
index 00000000000..ce34d7f7642
--- /dev/null
+++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48419.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-48419",
+ "sourceIdentifier": "dsap-vuln-management@google.com",
+ "published": "2024-01-02T19:15:11.280",
+ "lastModified": "2024-01-02T19:36:26.333",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege\u00a0\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "dsap-vuln-management@google.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "dsap-vuln-management@google.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA#zippy=%2Cspeakers",
+ "source": "dsap-vuln-management@google.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48670.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48670.json
index 9c1f7811dfc..8562784cd5f 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48670.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48670.json
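Review bot: The new CVE-2023-48419 record scores the issue with `AV:N` (`"attackVector": "NETWORK"`), while its own description places the attacker "in the wifi vicinity" of the device, which reads more like an adjacent-network precondition; the 10.0 base score depends on that choice. The metric is the CNA's own (`"type": "Secondary"`) and the record is still `"vulnStatus": "Awaiting Analysis"`, so prioritisation built on `baseScore` should treat the value as unreviewed. The record also has no `configurations` block, so CPE-based asset matching will not flag affected devices from this file alone; the vendor page in `references` is the only pointer to affected products.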
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48670",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-12-22T16:15:08.457",
- "lastModified": "2023-12-22T20:32:41.017",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T20:02:50.297",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "\nDell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Dell SupportAssist para PCs dom\u00e9sticos versi\u00f3n 3.14.1 y versiones anteriores contienen una vulnerabilidad de escalada de privilegios en el instalador. Un atacante local autenticado con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de un ejecutable arbitrario en el sistema operativo con privilegios elevados."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "security_alert@emc.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-426"
+ }
+ ]
+ },
 {
 "source": "security_alert@emc.com",
 "type": "Secondary",
@@ -46,10 +80,30 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:3.14.2.45116:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FC8A4F3-6029-42D8-A251-54D862F0FFD1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.dell.com/support/kbdoc/en-us/000220677/dsa-2023-468-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48704.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48704.json
index 996336af674..c3fabc41f7f 100644
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48704.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48704.json
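Review bot: The added `cpeMatch` entry marks only the exact version `3.14.2.45116` as vulnerable, while the description kept in this file's first hunk says "version 3.14.1 and prior versions" are affected. Unless 3.14.2.45116 is the installer build the advisory means (not determinable from this file), CPE-driven scanners will not flag hosts on 3.14.1 and earlier. A range entry would express the description, e.g. `"criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*"` with `"versionEndIncluding": "<last affected version per the Dell advisory>"`; until the record is corrected, affected versions should be taken from the vendor advisory in `references`.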
@@ -2,16 +2,40 @@
 "id": "CVE-2023-48704",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-22T16:15:08.680",
- "lastModified": "2023-12-22T20:32:41.017",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T20:01:41.470",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20."
+ },
+ {
+ "lang": "es",
+ "value": "ClickHouse es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Se descubri\u00f3 un problema de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el servidor ClickHouse. Un atacante podr\u00eda enviar un payload especialmente manipulado a la interfaz nativa expuesta de forma predeterminada en el puerto 9000/tcp, lo que desencadenar\u00eda un error en la l\u00f3gica de descompresi\u00f3n del c\u00f3dec Gorilla que bloquear\u00eda el proceso del servidor ClickHouse. Este ataque no requiere autenticaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 23.9.2.47551 de ClickHouse Cloud y en las versiones 23.10.5.20, 23.3.18.15, 23.8.8.20 y 23.9.6.20 de ClickHouse."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -36,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -50,14 +84,66 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "23.3",
+ "versionEndExcluding": "23.3.18.15",
+ "matchCriteriaId": "D4F746FA-4DEB-4388-8AD1-A7601A950790"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "23.8",
+ "versionEndExcluding": "23.8.8.20",
+ "matchCriteriaId": "F20B40F1-6CCC-47CF-AD9F-C7C9EDBBCF4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "23.9",
+ "versionEndExcluding": "23.9.6.20",
+ "matchCriteriaId": "8D70CC6D-81AB-4240-8A87-6B85D868240F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "23.10",
+ "versionEndExcluding": "23.10.5.20",
+ "matchCriteriaId": "1B62252C-3C03-42F9-93B1-C5E8C772BD02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "23.9.2.47551",
+ "matchCriteriaId": "A26EA007-5F97-4407-881C-036BC0EB9487"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/ClickHouse/ClickHouse/pull/57107",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49119.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49119.json
index 02e1d3c9af8..f263475a3c8 100644
--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49119.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49119.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49119",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-12-26T08:15:10.793",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T19:54:09.417",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "La vulnerabilidad de cross-site scripting almacenado a trav\u00e9s de las etiquetas img existe en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.0",
+ "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN18715935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49598.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49598.json
index 52c39365bde..0382a0dca52 100644
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49598.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49598.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49598",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-12-26T08:15:10.930",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T19:53:48.547",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "Existe una vulnerabilidad de cross-site scripting almacenado en los controladores de eventos de las etiquetas previas en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.0",
+ "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN18715935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json
index 6b498b90ea6..3feb578d313 100644
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49678.json 
@@ -2,106 +2,14 @@
 "id": "CVE-2023-49678",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T23:15:09.780",
- "lastModified": "2023-12-27T20:47:15.660",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T20:15:09.290",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDesc' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- },
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/pollini/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://www.kashipara.com/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json
index f96d7881f9b..ff57a1d4ce3 100644
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49679.json
@@ -2,106 +2,14 @@
 "id": "CVE-2023-49679",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T23:15:10.003",
- "lastModified": "2023-12-27T20:47:33.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T20:15:09.360",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTitle' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
- }
- ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- },
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920"
- }
- ]
- }
- ]
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/pollini/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://www.kashipara.com/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json
index 6271e59a1f0..0d95e40340d 100644
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49680.json
@@ -2,86 +2,14 @@ "id": "CVE-2023-49680", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.250", - "lastModified": "2023-12-27T20:47:39.947", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.433", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTotal' del recurso Employer/InsertJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json index c8594517500..66eaa0c13e5 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49682.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-49682", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.693", - "lastModified": "2023-12-27T20:47:54.283", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.503", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDate' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDate' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json index 8213abcf3ac..b990607c9d5 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49683.json 
@@ -2,96 +2,14 @@ "id": "CVE-2023-49683", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T23:15:10.937", - "lastModified": "2023-12-27T20:48:02.790", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.577", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtDesc' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json index 039e03d2285..a86ff2ef15f 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49684.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-49684", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.050", - "lastModified": "2023-12-27T20:48:32.050", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.650", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTitle' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json index 275667f6989..b6d3603e4b6 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49685.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-49685", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.237", - "lastModified": "2023-12-27T20:48:40.047", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.720", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTime' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTime' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json index eb25e7066a7..3c81a178a64 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49686.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-49686", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.433", - "lastModified": "2023-12-27T20:48:45.937", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.793", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtTotal' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json index ef511ea3444..6b382618773 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49687.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-49687", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:35.630", - "lastModified": "2023-12-27T20:48:52.213", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.863", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtPass' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'txtPass' del recurso login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json index e601d8ec636..4d336160fbf 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49690.json 
@@ -2,106 +2,14 @@ "id": "CVE-2023-49690", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-22T00:15:36.260", - "lastModified": "2023-12-27T20:49:16.410", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T20:15:09.933", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'WalkinId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Job Portal v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticadas. El par\u00e1metro 'WalkinId' del recurso Employer/DeleteJob.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." - } - ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": 
"help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "62B13320-DE1D-4F78-9F3B-C42CFBB95920" - } - ] - } - ] + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/pollini/", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.kashipara.com/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49779.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49779.json index 3368872e8f6..a23379417b0 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49779.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49779.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49779", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-26T08:15:11.017", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T19:53:39.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@
 "value": "Existe una vulnerabilidad de cross-site scripting almacenado en la etiqueta de anclaje de las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.0",
+ "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN18715935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json
new file mode 100644
index 00000000000..2245baa6caf
--- /dev/null
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-49794",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-02T20:15:10.020",
+ "lastModified": "2024-01-02T20:15:10.020",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49807.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49807.json
index 69273a7f33b..7c5c059c28f 100644
--- a/CVE-2023/CVE-2023-498xx/CVE-2023-49807.json
+++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49807.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49807",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-12-26T08:15:11.113",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T19:53:31.307",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "La vulnerabilidad de cross-site scripting almacenado al procesar MathJax existe en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.0",
+ "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN18715935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50175.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50175.json
index 152641db01d..e59994f9beb 100644
--- a/CVE-2023/CVE-2023-501xx/CVE-2023-50175.json
+++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50175.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50175",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-12-26T08:15:11.290",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T19:53:20.863",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "La vulnerabilidad de cross-site scripting almacenado existe en la p\u00e1gina App Settings (/admin/app), la p\u00e1gina Markdown Settings (/admin/markdown) y la p\u00e1gina Customize (/admin/customize) de las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.0",
+ "matchCriteriaId": "2F6A6B41-1A3E-4D58-9218-7D1BE30F0959"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN18715935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50294.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50294.json
index c95dc56e023..f3f7c9d8a6d 100644
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50294.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50294.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50294",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-12-26T08:15:11.427",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T19:45:14.820",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@ "value": "La p\u00e1gina App Settings (/admin/app) en las versiones de GROWI anteriores a la v6.0.6 almacena informaci\u00f3n confidencial en forma de texto plano. Como resultado, un atacante que pueda acceder a la p\u00e1gina de configuraci\u00f3n de la aplicaci\u00f3n puede obtener la clave de acceso secreta para el servicio externo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.6", + "matchCriteriaId": "48897F34-5CC8-40BB-A60B-C97F49F7A6D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN18715935/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50339.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50339.json index 4c896460576..3f89cf1255d 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50339.json 
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50339.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50339", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-12-26T08:15:11.657", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T19:54:22.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Existe una vulnerabilidad de cross-site scripting almacenado en la p\u00e1gina User Management (/admin/users) de las versiones de GROWI anteriores a la v6.1.11. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.11", + "matchCriteriaId": "7A36837D-A277-498C-A1EB-A620A33A0E08" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN18715935/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json new file mode 100644 index 00000000000..d128aeac267 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-50711", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T20:15:10.250", + "lastModified": "2024-01-02T20:15:10.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json index 34af291b088..5bcf79f18fa 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50822.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50822", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-21T15:15:10.927", - "lastModified": "2023-12-21T18:15:38.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:54:13.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget \u2013 Exchange Rates allows Stored XSS.This issue affects Currency Converter Widget \u2013 Exchange Rates: from n/a through 3.0.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Currency.Wiki Currency Converter Widget \u2013 Exchange Rates permite XSS almacenado. Este problema afecta a Currency Converter Widget \u2013 Exchange Rates: desde n/a hasta 3.0.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:currencywiki:currency_converter_widget_-_exchange_rates:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0.2", + "matchCriteriaId": "0D0266A3-06A2-4FF1-B16C-F99CA9E3A435" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/currency-converter-widget/wordpress-currency-converter-widget-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json new file mode 100644 index 00000000000..14281f17aee --- /dev/null +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-51652", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T20:15:10.453", + "lastModified": "2024-01-02T20:15:10.453", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json index efa013cdc3a..fab7995c725 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5203.json 
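Review bot: The English description added for CVE-2023-51652 has lost an element name in the workaround sentence: it reads "to the tag definitions under the `` node", with nothing between the backticks. The name was most likely written in angle brackets and stripped somewhere upstream. AntiSamy policy files keep their tag definitions under `<tag-rules>`, so the text presumably should read "under the `<tag-rules>` node"; confirm this against GHSA-8x6f-956f-q43w before correcting the record. As written, a reader applying the workaround from this record alone cannot tell where the `noscript` rule belongs. The record itself states that the workaround does not address the root cause and that upgrading to 1.2.0 or later is the recommended fix.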
@@ -2,19 +2,79 @@ "id": "CVE-2023-5203", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:07.770", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:43:49.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique." + }, + { + "lang": "es", + "value": "WP Sessions Time Monitoring Full Automatic WordPress plugin anterior a 1.0.9 no sanitiza la URL de solicitud ni los par\u00e1metros de consulta antes de usarlos en una consulta SQL, lo que permite a atacantes no autenticados extraer datos confidenciales de la base de datos mediante t\u00e9cnicas ciegas de inyecci\u00f3n SQL basadas en tiempo, o en En algunos casos, una t\u00e9cnica basada en error/union." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:swit:wp_sessions_time_monitoring_full_automatic:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.9", + "matchCriteriaId": "FBE283B1-312C-42E8-A629-6B260999CE46" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5980.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5980.json index f3a1f7fbf91..64a8b04d23b 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5980.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5980.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5980", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.167", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:45:48.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + }, + { + "lang": "es", + "value": "BSK Forms Blacklist WordPress plugin anterior a 3.7 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bannersky:bsk_forms_blacklist:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.7", + "matchCriteriaId": "7CDFF2EB-13E1-4C9A-903F-175CCAF35011" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/b621261b-ae18-4853-9ace-7b773810529a", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5991.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5991.json index a82c845ffc9..22161f6666f 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5991.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5991.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5991", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.213", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:49:50.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server" + }, + { + "lang": "es", + "value": "Hotel Booking Lite WordPress plugin anterior a 4.8.5 no valida las rutas de archivos proporcionadas a trav\u00e9s de la entrada del usuario, y tampoco tiene CSRF ni controles de autorizaci\u00f3n adecuados, lo que permite a usuarios no autenticados descargar y eliminar archivos arbitrarios en el servidor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:motopress:hotel_booking_lite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.8.5", + "matchCriteriaId": "31917B96-93F5-4253-AB9F-E45394D64F6B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json index 36a58bb2e27..27aa6c8d9ec 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6155.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6155", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.307", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:16:59.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses." + }, + { + "lang": "es", + "value": "Quiz Maker WordPress plugin anterior a 6.4.9.5 no autoriza adecuadamente la acci\u00f3n AJAX `ays_quiz_author_user_search`, lo que permite que un atacante no autenticado realice una b\u00fasqueda de usuarios del sistema y, en \u00faltima instancia, filtre las direcciones de correo electr\u00f3nico de los usuarios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.4.9.5", + "matchCriteriaId": "39C6B8DB-7D55-454F-B169-31A6A256A774" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6166.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6166.json index 96fab82d772..521eae2964e 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6166.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6166.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6166", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.350", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:19:26.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting" + }, + { + "lang": "es", + "value": "Quiz Maker WordPress plugin anterior a 6.4.9.5 no escapa de las URL generadas antes de mostrarlas en atributos, lo que genera Cross-Site Scripting Reflejado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.4.9.5", + "matchCriteriaId": "39C6B8DB-7D55-454F-B169-31A6A256A774" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6250.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6250.json index d15ddca883a..32741f8f425 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6250.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6250.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6250", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-26T19:15:08.403", - "lastModified": "2023-12-26T20:34:16.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:19:11.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag" + }, + { + "lang": "es", + "value": "BestWebSoft's Like & Share WordPress plugin anterior a la versi\u00f3n 2.74 revela el contenido de las publicaciones protegidas con contrase\u00f1a a usuarios no autenticados a trav\u00e9s de una metaetiqueta." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bestwebsoft:like_\\&_share:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.74", + "matchCriteriaId": "1C45E243-725B-46CB-867C-4D56A16863B1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/6cad602b-7414-4867-8ae2-f0b846c4c8f0", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6752.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6752.json new file mode 100644 index 00000000000..ae02700aa46 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6752.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-6752", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-01-02T20:15:10.653", + "lastModified": "2024-01-02T20:15:10.653", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6747. Reason: This candidate is a reservation duplicate of CVE-2023-6747. Notes: All CVE users should reference CVE-2023-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7076.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7076.json index dc0f763ea25..39aad853423 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7076.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7076.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7076", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-22T14:15:07.093", - "lastModified": "2023-12-22T20:32:41.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T20:37:14.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2]['subject']/bug[2]['text']/report['subject'] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en slawkens MyAAC hasta 0.8.13. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del sistema de archivos/pages/bugtracker.php. La manipulaci\u00f3n del argumento bug[2]['subject']/bug[2]['text']/report['subject'] conduce a cross site scripting. El ataque se puede iniciar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 0.8.14 puede solucionar este problema. El nombre del parche es 83a91ec540072d319dd338abff45f8d5ebf48190. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-248848." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,22 +95,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:my-aac:myaac:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.8.13", + "matchCriteriaId": "27A79F32-8A18-47B4-9D70-50C91B6B6CFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/otsoft/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/slawkens/myaac/releases/tag/v0.8.14", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.248848", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248848", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json new file mode 100644 index 00000000000..95111b6682a --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-7192", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-02T19:15:11.510", + "lastModified": "2024-01-02T19:36:26.333", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-402" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-7192", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279", + "source": "secalert@redhat.com" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0188.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0188.json index 5ddc8e1a05b..640a7fcc8f5 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0188.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0188.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0188", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-02T15:15:10.200", - "lastModified": "2024-01-02T15:15:10.200", - "vulnStatus": "Received", + "lastModified": "2024-01-02T19:36:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json index f257160837d..5af6871d545 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0189", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-02T18:15:08.037", - "lastModified": "2024-01-02T18:15:08.037", - "vulnStatus": "Received", + "lastModified": "2024-01-02T19:36:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0190.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0190.json new file mode 100644 index 00000000000..45ce2fcf516 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0190.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0190", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T19:15:11.717", + "lastModified": "2024-01-02T19:36:26.333", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { 
+ "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249503", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249503", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0191.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0191.json new file mode 100644 index 00000000000..919505325d5 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0191.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0191", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T20:15:10.700", + "lastModified": "2024-01-02T20:15:10.700", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-538" + } + ] + } + ], + "references": [ + { + 
"url": "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249504", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249504", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0192.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0192.json new file mode 100644 index 00000000000..558db2bd167 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0192.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0192", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T20:15:10.933", + "lastModified": "2024-01-02T20:15:10.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + 
} + ] + } + ], + "references": [ + { + "url": "https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249505", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249505", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json index 477c5280f44..582ec587a3a 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0193", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T18:15:08.287", - "lastModified": "2024-01-02T18:15:08.287", - "vulnStatus": "Received", + "lastModified": "2024-01-02T19:36:26.333", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 2c55fe1ce4e..cca14d13853 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-02T19:00:24.121322+00:00 +2024-01-02T21:00:25.062653+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-02T18:40:50.497000+00:00 +2024-01-02T20:54:13.893000+00:00 ``` ### Last Data Feed Release 
@@ -29,35 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234693 +234703 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `10` -* [CVE-2023-4280](CVE-2023/CVE-2023-42xx/CVE-2023-4280.json) (`2024-01-02T17:15:09.520`) -* [CVE-2024-0189](CVE-2024/CVE-2024-01xx/CVE-2024-0189.json) (`2024-01-02T18:15:08.037`) -* [CVE-2024-0193](CVE-2024/CVE-2024-01xx/CVE-2024-0193.json) (`2024-01-02T18:15:08.287`) +* [CVE-2022-3010](CVE-2022/CVE-2022-30xx/CVE-2022-3010.json) (`2024-01-02T19:15:09.783`) +* [CVE-2023-48419](CVE-2023/CVE-2023-484xx/CVE-2023-48419.json) (`2024-01-02T19:15:11.280`) +* [CVE-2023-7192](CVE-2023/CVE-2023-71xx/CVE-2023-7192.json) (`2024-01-02T19:15:11.510`) +* [CVE-2023-49794](CVE-2023/CVE-2023-497xx/CVE-2023-49794.json) (`2024-01-02T20:15:10.020`) +* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-01-02T20:15:10.250`) +* [CVE-2023-51652](CVE-2023/CVE-2023-516xx/CVE-2023-51652.json) (`2024-01-02T20:15:10.453`) +* [CVE-2023-6752](CVE-2023/CVE-2023-67xx/CVE-2023-6752.json) (`2024-01-02T20:15:10.653`) +* [CVE-2024-0190](CVE-2024/CVE-2024-01xx/CVE-2024-0190.json) (`2024-01-02T19:15:11.717`) +* [CVE-2024-0191](CVE-2024/CVE-2024-01xx/CVE-2024-0191.json) (`2024-01-02T20:15:10.700`) +* [CVE-2024-0192](CVE-2024/CVE-2024-01xx/CVE-2024-0192.json) (`2024-01-02T20:15:10.933`) ### CVEs modified in the last Commit -Recently modified CVEs: `13` - -* [CVE-2023-45324](CVE-2023/CVE-2023-453xx/CVE-2023-45324.json) (`2024-01-02T17:15:08.850`) -* [CVE-2023-45329](CVE-2023/CVE-2023-453xx/CVE-2023-45329.json) (`2024-01-02T17:15:08.970`) -* [CVE-2023-45331](CVE-2023/CVE-2023-453xx/CVE-2023-45331.json) (`2024-01-02T17:15:09.060`) -* [CVE-2023-45332](CVE-2023/CVE-2023-453xx/CVE-2023-45332.json) (`2024-01-02T17:15:09.133`) -* [CVE-2023-45333](CVE-2023/CVE-2023-453xx/CVE-2023-45333.json) (`2024-01-02T17:15:09.213`) -* 
[CVE-2023-45335](CVE-2023/CVE-2023-453xx/CVE-2023-45335.json) (`2024-01-02T17:15:09.287`) -* [CVE-2023-45337](CVE-2023/CVE-2023-453xx/CVE-2023-45337.json) (`2024-01-02T17:15:09.363`) -* [CVE-2023-45339](CVE-2023/CVE-2023-453xx/CVE-2023-45339.json) (`2024-01-02T17:15:09.447`) -* [CVE-2023-7026](CVE-2023/CVE-2023-70xx/CVE-2023-7026.json) (`2024-01-02T17:48:23.077`) -* [CVE-2023-51656](CVE-2023/CVE-2023-516xx/CVE-2023-51656.json) (`2024-01-02T17:59:52.730`) -* [CVE-2023-2585](CVE-2023/CVE-2023-25xx/CVE-2023-2585.json) (`2024-01-02T18:28:16.777`) -* [CVE-2023-7025](CVE-2023/CVE-2023-70xx/CVE-2023-7025.json) (`2024-01-02T18:31:31.617`) -* [CVE-2023-50724](CVE-2023/CVE-2023-507xx/CVE-2023-50724.json) (`2024-01-02T18:40:50.497`) +Recently modified CVEs: `63` + +* [CVE-2023-48670](CVE-2023/CVE-2023-486xx/CVE-2023-48670.json) (`2024-01-02T20:02:50.297`) +* [CVE-2023-45112](CVE-2023/CVE-2023-451xx/CVE-2023-45112.json) (`2024-01-02T20:15:09.040`) +* [CVE-2023-45113](CVE-2023/CVE-2023-451xx/CVE-2023-45113.json) (`2024-01-02T20:15:09.137`) +* [CVE-2023-45114](CVE-2023/CVE-2023-451xx/CVE-2023-45114.json) (`2024-01-02T20:15:09.217`) +* [CVE-2023-49678](CVE-2023/CVE-2023-496xx/CVE-2023-49678.json) (`2024-01-02T20:15:09.290`) +* [CVE-2023-49679](CVE-2023/CVE-2023-496xx/CVE-2023-49679.json) (`2024-01-02T20:15:09.360`) +* [CVE-2023-49680](CVE-2023/CVE-2023-496xx/CVE-2023-49680.json) (`2024-01-02T20:15:09.433`) +* [CVE-2023-49682](CVE-2023/CVE-2023-496xx/CVE-2023-49682.json) (`2024-01-02T20:15:09.503`) +* [CVE-2023-49683](CVE-2023/CVE-2023-496xx/CVE-2023-49683.json) (`2024-01-02T20:15:09.577`) +* [CVE-2023-49684](CVE-2023/CVE-2023-496xx/CVE-2023-49684.json) (`2024-01-02T20:15:09.650`) +* [CVE-2023-49685](CVE-2023/CVE-2023-496xx/CVE-2023-49685.json) (`2024-01-02T20:15:09.720`) +* [CVE-2023-49686](CVE-2023/CVE-2023-496xx/CVE-2023-49686.json) (`2024-01-02T20:15:09.793`) +* [CVE-2023-49687](CVE-2023/CVE-2023-496xx/CVE-2023-49687.json) (`2024-01-02T20:15:09.863`) +* 
[CVE-2023-49690](CVE-2023/CVE-2023-496xx/CVE-2023-49690.json) (`2024-01-02T20:15:09.933`) +* [CVE-2023-6155](CVE-2023/CVE-2023-61xx/CVE-2023-6155.json) (`2024-01-02T20:16:59.773`) +* [CVE-2023-6250](CVE-2023/CVE-2023-62xx/CVE-2023-6250.json) (`2024-01-02T20:19:11.973`) +* [CVE-2023-6166](CVE-2023/CVE-2023-61xx/CVE-2023-6166.json) (`2024-01-02T20:19:26.667`) +* [CVE-2023-7076](CVE-2023/CVE-2023-70xx/CVE-2023-7076.json) (`2024-01-02T20:37:14.207`) +* [CVE-2023-5203](CVE-2023/CVE-2023-52xx/CVE-2023-5203.json) (`2024-01-02T20:43:49.667`) +* [CVE-2023-5980](CVE-2023/CVE-2023-59xx/CVE-2023-5980.json) (`2024-01-02T20:45:48.277`) +* [CVE-2023-5991](CVE-2023/CVE-2023-59xx/CVE-2023-5991.json) (`2024-01-02T20:49:50.667`) +* [CVE-2023-50822](CVE-2023/CVE-2023-508xx/CVE-2023-50822.json) (`2024-01-02T20:54:13.893`) +* [CVE-2024-0188](CVE-2024/CVE-2024-01xx/CVE-2024-0188.json) (`2024-01-02T19:36:26.333`) +* [CVE-2024-0189](CVE-2024/CVE-2024-01xx/CVE-2024-0189.json) (`2024-01-02T19:36:26.333`) +* [CVE-2024-0193](CVE-2024/CVE-2024-01xx/CVE-2024-0193.json) (`2024-01-02T19:36:26.333`) ## Download and Usage