Skip to content

Commit

Permalink
Auto-Update: 2024-11-27T19:01:43.480293+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Nov 27, 2024
1 parent bbe73cc commit a08f514
Show file tree
Hide file tree
Showing 45 changed files with 2,164 additions and 336 deletions.
32 changes: 30 additions & 2 deletions CVE-2023/CVE-2023-21xx/CVE-2023-2142.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,43 @@
"id": "CVE-2023-2142",
"sourceIdentifier": "[email protected]",
"published": "2024-11-26T12:15:18.307",
"lastModified": "2024-11-26T12:15:18.307",
"lastModified": "2024-11-27T17:15:05.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."
},
{
"lang": "es",
"value": "En las versiones de Nunjucks anteriores a la versi\u00f3n 3.2.4, era posible eludir las restricciones que proporciona la funci\u00f3n de escape autom\u00e1tico. Si hay dos par\u00e1metros controlados por el usuario en la misma l\u00ednea utilizada en las vistas, era posible inyectar payloads de cross-site scripting utilizando el car\u00e1cter de barra invertida \\."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
Expand Down
41 changes: 29 additions & 12 deletions CVE-2023/CVE-2023-322xx/CVE-2023-32223.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-32223",
"sourceIdentifier": "[email protected]",
"published": "2023-06-28T21:15:09.940",
"lastModified": "2023-07-06T15:33:10.737",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-27T17:15:05.937",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
Expand All @@ -14,41 +14,41 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
Expand All @@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
Expand Down Expand Up @@ -103,6 +113,13 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
44 changes: 39 additions & 5 deletions CVE-2023/CVE-2023-332xx/CVE-2023-33298.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-33298",
"sourceIdentifier": "[email protected]",
"published": "2023-06-30T22:15:10.077",
"lastModified": "2023-08-02T15:40:35.783",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-27T17:15:06.230",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
Expand All @@ -19,16 +19,16 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
Expand All @@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
Expand Down Expand Up @@ -88,6 +98,30 @@
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://support.perimeter81.com/docs/macos-agent-release-notes",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.kb.cert.org/vuls/id/653767",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.ns-echo.com/posts/cve_2023_33298.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}
27 changes: 22 additions & 5 deletions CVE-2023/CVE-2023-335xx/CVE-2023-33570.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-33570",
"sourceIdentifier": "[email protected]",
"published": "2023-06-28T20:15:09.540",
"lastModified": "2023-07-10T15:53:05.990",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-27T17:15:06.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
Expand All @@ -19,16 +19,16 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
Expand All @@ -45,6 +45,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
Expand All @@ -71,6 +81,13 @@
"tags": [
"Exploit"
]
},
{
"url": "https://siltonrenato02.medium.com/a-brief-summary-about-a-ssti-to-rce-in-bagisto-e900ac450490",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
}
]
}
34 changes: 29 additions & 5 deletions CVE-2023/CVE-2023-358xx/CVE-2023-35830.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-35830",
"sourceIdentifier": "[email protected]",
"published": "2023-06-29T16:15:09.897",
"lastModified": "2023-07-11T19:25:28.647",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-27T17:15:08.783",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
Expand All @@ -19,16 +19,16 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
Expand All @@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
Expand Down Expand Up @@ -132,6 +142,20 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.stw-mobile-machines.com/fileadmin/user_upload/content/STW/PSIRT/STW-IR-23-001.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.stw-mobile-machines.com/psirt/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
16 changes: 16 additions & 0 deletions CVE-2024/CVE-2024-111xx/CVE-2024-11160.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{
"id": "CVE-2024-11160",
"sourceIdentifier": "[email protected]",
"published": "2024-11-27T18:15:08.620",
"lastModified": "2024-11-27T18:15:08.620",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}
Loading

0 comments on commit a08f514

Please sign in to comment.