diff --git a/CVE-2021/CVE-2021-448xx/CVE-2021-44879.json b/CVE-2021/CVE-2021-448xx/CVE-2021-44879.json
index f12f4f3d0ea..882f240a423 100644
--- a/CVE-2021/CVE-2021-448xx/CVE-2021-44879.json
+++ b/CVE-2021/CVE-2021-448xx/CVE-2021-44879.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-44879",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-02-14T12:15:15.697",
- "lastModified": "2023-11-07T03:39:44.303",
+ "lastModified": "2024-01-11T19:15:08.583",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -120,6 +120,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao%40kernel.org/T/",
 "source": "cve@mitre.org"
diff --git a/CVE-2022/CVE-2022-343xx/CVE-2022-34344.json b/CVE-2022/CVE-2022-343xx/CVE-2022-34344.json
index 01b8d14fe41..e3537e1bf82 100644
--- a/CVE-2022/CVE-2022-343xx/CVE-2022-34344.json
+++ b/CVE-2022/CVE-2022-343xx/CVE-2022-34344.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-34344",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-01-08T22:15:44.540",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:06:48.290",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rymera:wholesale_suite:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1.5",
+ "matchCriteriaId": "77798B58-A903-4381-8650-5A3D5C6E05B7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/woocommerce-wholesale-prices/wordpress-wholesale-suite-plugin-2-1-5-auth-plugin-settings-change-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36352.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36352.json
index 3f268a3ccca..f08a6a877b4 100644
--- a/CVE-2022/CVE-2022-363xx/CVE-2022-36352.json
+++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36352.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-36352",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-01-08T22:15:44.760",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:06:12.277",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.0.3",
+ "matchCriteriaId": "305392CC-8998-43F0-9DFF-E82FB289BB56"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-0-3-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-406xx/CVE-2022-40696.json b/CVE-2022/CVE-2022-406xx/CVE-2022-40696.json
index eafdc49d039..39c7b7f7a98 100644
--- a/CVE-2022/CVE-2022-406xx/CVE-2022-40696.json
+++ b/CVE-2022/CVE-2022-406xx/CVE-2022-40696.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-40696",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-01-08T22:15:44.970",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:05:58.770",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -40,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -50,10 +80,32 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "3.1.1",
+ "versionEndIncluding": "6.0.2",
+ "matchCriteriaId": "CE847C43-BE85-418E-BF75-9AD9903CA4A6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/advanced-custom-fields/wordpress-advanced-custom-fields-plugin-3-1-1-6-0-2-custom-field-value-exposure?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45354.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45354.json
index 20a5ee9e89b..05900ef550a 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45354.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45354.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-45354",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-01-08T21:15:08.260",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T19:57:20.993",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -40,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -50,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.7.60",
+ "matchCriteriaId": "1B62342C-5140-473C-8B2D-2904607E27E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-7-60-sensitive-data-exposure-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0590.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0590.json
index 7a44756ca7d..87ebbee5f03 100644
--- a/CVE-2023/CVE-2023-05xx/CVE-2023-0590.json
+++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0590.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-0590",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-03-23T21:15:19.150",
- "lastModified": "2023-11-07T04:00:55.317",
+ "lastModified": "2024-01-11T19:15:08.700",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -46,7 +46,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -80,6 +80,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/",
 "source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1077.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1077.json
index 15e5f0394db..839a6e27ad8 100644
--- a/CVE-2023/CVE-2023-10xx/CVE-2023-1077.json
+++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1077.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-1077",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-03-27T21:15:10.467",
- "lastModified": "2023-06-05T17:23:45.357",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:08.787",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -58,7 +58,6 @@
 ],
 "configurations": [
 {
- "operator": "AND",
 "nodes": [
 {
 "operator": "OR",
@@ -74,7 +73,6 @@
 ]
 },
 {
- "operator": "AND",
 "nodes": [
 {
 "operator": "OR",
@@ -377,6 +375,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230511-0002/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json
index 5f3d42edc85..99bd529c1e0 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-1206",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-06-30T22:15:09.747",
- "lastModified": "2023-10-20T00:15:11.257",
+ "lastModified": "2024-01-11T19:15:08.937",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -122,6 +122,10 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230929-0006/",
 "source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1989.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1989.json
index 267cbdd7386..d48351e70c7 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1989.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1989.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-1989",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-04-11T21:15:15.503",
- "lastModified": "2023-12-22T20:55:33.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:09.050",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -198,6 +198,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230601-0004/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25775.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25775.json
index 9c90df8dde0..a3d5359c1f8 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25775.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25775.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-25775",
 "sourceIdentifier": "secure@intel.com",
 "published": "2023-08-11T03:15:18.940",
- "lastModified": "2023-11-07T04:09:11.527",
+ "lastModified": "2024-01-11T19:15:09.173",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
+ "source": "secure@intel.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
+ "source": "secure@intel.com",
 "type": "Secondary",
 "description": [
 {
@@ -106,6 +106,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secure@intel.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230915-0013/",
 "source": "secure@intel.com"
diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26998.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26998.json
index fba89fc47a6..e1e9aada68f 100644
--- a/CVE-2023/CVE-2023-269xx/CVE-2023-26998.json
+++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26998.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26998",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-09T02:15:43.960",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:04:56.533",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,81 @@
 "value": "Vulnerabilidad de Cross Site Scripting encontrada en NetScoutnGeniusOne v.6.3.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro creator de la p\u00e1gina de configuraci\u00f3n de alerta."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7E6205EA-C821-4A7A-9CF3-D4A71D34C98E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://netscout.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "http://ngeniusone.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26999.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26999.json
index 01a4c46d232..fafe32becc4 100644
--- a/CVE-2023/CVE-2023-269xx/CVE-2023-26999.json
+++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26999.json
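Review bot: The reference `http://netscout.com` is tagged `Vendor Advisory` in the references of CVE-2023-26998.json, while the same URL is tagged `Product` in CVE-2023-26999.json later in this diff, and it is a bare site root rather than an advisory page. Tooling that selects references by the `Vendor Advisory` tag to decide whether a vendor bulletin or fix exists would count this record as having one. `Product` looks like the accurate tag for both records; if these files mirror an upstream feed, the correction presumably belongs upstream rather than in a local edit.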
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26999",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-09T02:15:44.020",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:19:49.153",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,81 @@
 "value": "Un problema encontrado en NetScout nGeniusOne v.6.3.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo manipulado."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7E6205EA-C821-4A7A-9CF3-D4A71D34C98E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://netscout.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "http://ngeniusone.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
index 212d94b2529..6c6bf281587 100644
--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-30617",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-03T16:15:08.117",
- "lastModified": "2024-01-03T17:26:57.957",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T19:37:48.643",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege."
+ },
+ {
+ "lang": "es",
+ "value": "Kruise proporciona gesti\u00f3n automatizada de aplicaciones a gran escala en Kubernetes. A partir de la versi\u00f3n 0.8.0 y antes de las versiones 1.3.1, 1.4.1 y 1.5.2, un atacante que haya obtenido privilegios de root en el nodo que ejecuta kruise-daemon puede aprovechar el pod kruise-daemon para enumerar todos los secretos en todo el cl\u00faster. Despu\u00e9s de eso, el atacante puede aprovechar los secretos \"capturados\" (por ejemplo, el token de la cuenta de servicio kruise-manager) para obtener privilegios adicionales, como la modificaci\u00f3n del pod. Las versiones 1.3.1, 1.4.1 y 1.5.2 solucionan este problema. Hay un workaround disponible. Para los usuarios que no requieren funciones de imagepulljob, pueden modificar kruise-daemon-role para eliminar el privilegio de obtenci\u00f3n/lista de secretos a nivel de cl\u00faster."
}
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -36,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -50,10 +84,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openkruise:kruise:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.8.0",
+ "versionEndExcluding": "1.3.1",
+ "matchCriteriaId": "57BCE0E8-737C-4F60-A649-9A7AF93B3083"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openkruise:kruise:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.4.0",
+ "versionEndExcluding": "1.4.1",
+ "matchCriteriaId": "8B827C8D-19E3-4492-9553-12562C329AF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openkruise:kruise:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.5.0",
+ "versionEndExcluding": "1.5.2",
+ "matchCriteriaId": "BC512B85-26B5-44E2-9CE3-1135652ECBEA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
index 2811c608da9..9b0e295b103 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3212",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-06-23T20:15:09.563",
- "lastModified": "2023-10-26T20:17:44.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:10.120",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -299,6 +299,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230929-0005/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json
index c624e3a8c6e..907d8586433 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-3390",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-06-28T21:15:10.447",
- "lastModified": "2023-09-11T19:15:43.490",
- "vulnStatus": "Modified",
+ "lastModified": "2024-01-11T19:15:10.293",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad de use-after-free en el subsistema netfilter del kernel de Linux en net/netfilter/nf_tables_api.c. El manejo de errores mal manejado con NFT_MSG_NEWRULE permite usar un puntero colgante en la misma transacci\u00f3n que causa una vulnerabilidad de use-after-free. Esta falla permite que un atacante local con acceso de usuario cause un problema de escalada de privilegios. Recomendamos actualizar al commit anterior 1240eb93f0616b21c675416516ff3d74798fdc97."
 }
 ],
 "metrics": {
@@ -119,6 +123,10 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html",
 "source": "cve-coordination@google.com"
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230818-0004/",
 "source": "cve-coordination@google.com"
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
index 787d225f492..5396b66a707 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
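Review bot: The `es` description added to CVE-2023-3390.json reverses the remediation advice in its last sentence: the English value says to upgrade past commit 1240eb93f0616b21c675416516ff3d74798fdc97, whereas `Recomendamos actualizar al commit anterior 1240eb93f0616b21c675416516ff3d74798fdc97.` reads as "update to the previous commit". Anyone triaging from the Spanish text could conclude that a build at or before that commit carries the fix. A wording that keeps the original meaning would be `Recomendamos actualizar a una versi\u00f3n posterior al commit 1240eb93f0616b21c675416516ff3d74798fdc97.` If this file mirrors an upstream feed, the correction presumably has to be made there.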
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34319",
 "sourceIdentifier": "security@xen.org",
 "published": "2023-09-22T14:15:45.627",
- "lastModified": "2023-11-29T15:15:07.917",
+ "lastModified": "2024-01-11T19:15:09.340",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -88,6 +88,10 @@
 "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
 "source": "security@xen.org"
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "security@xen.org"
+ },
 {
 "url": "https://xenbits.xenproject.org/xsa/advisory-432.html",
 "source": "security@xen.org",
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34324.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34324.json
index fec3616dd7c..7db3b258fde 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34324.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34324.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-34324",
 "sourceIdentifier": "security@xen.org",
 "published": "2024-01-05T17:15:08.540",
- "lastModified": "2024-01-11T17:12:10.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:09.433",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -74,6 +74,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "security@xen.org"
+ },
 {
 "url": "https://xenbits.xenproject.org/xsa/advisory-441.html",
 "source": "security@xen.org",
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json
index e6103bea0ea..9f494027e84 100644
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35001",
 "sourceIdentifier": "security@ubuntu.com",
 "published": "2023-07-05T19:15:10.147",
- "lastModified": "2023-12-29T16:03:16.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:09.490",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -244,6 +244,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "security@ubuntu.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/",
 "source": "security@ubuntu.com",
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36915.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36915.json
index deb7461f434..dd1f1c4d83d 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36915.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36915.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-36915",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2024-01-08T15:15:14.790",
- "lastModified": "2024-01-08T18:15:47.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:09:31.473",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array."
+ },
+ {
+ "lang": "es",
+ "value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n FST fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la asignaci\u00f3n de la matriz `chain_table`."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "talos-cna@cisco.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
 {
 "source": "talos-cna@cisco.com",
 "type": "Secondary",
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36916.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36916.json
index d633c7b7b13..4a54f149350 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36916.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36916.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-36916",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2024-01-08T15:15:14.990",
- "lastModified": "2024-01-08T18:15:47.867",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:04:33.690",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array."
+ },
+ {
+ "lang": "es",
+ "value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n FST fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la asignaci\u00f3n de la matriz `chain_table_lengths`."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "talos-cna@cisco.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
 {
 "source": "talos-cna@cisco.com",
 "type": "Secondary",
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json
index d9d428f6f5b..3b9dd5d2743 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3609",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-07-21T21:15:11.743",
- "lastModified": "2023-11-29T15:15:08.150",
+ "lastModified": "2024-01-11T19:15:10.430",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -182,6 +182,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230818-0005/",
 "source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json
index 6e86484d7b6..d59c07a0ae9 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3611",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-07-21T21:15:11.897",
- "lastModified": "2023-10-26T20:28:57.463",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:10.547",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -151,6 +151,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230908-0002/",
 "source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
index 6945bfd01d6..8d428d33b44 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3772",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-07-25T16:15:11.660",
- "lastModified": "2023-12-28T14:35:56.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:10.697",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -220,6 +220,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json
index 6d4952d8fa9..4c4a2a162cd 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3776",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-07-21T21:15:11.973",
- "lastModified": "2023-11-29T15:15:08.297",
+ "lastModified": "2024-01-11T19:15:10.830",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -163,6 +163,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5480",
 "source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39189.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39189.json
index f41c248d987..ce7be81533d 100644
--- a/CVE-2023/CVE-2023-391xx/CVE-2023-39189.json
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39189.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-39189",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-09T18:15:10.160",
- "lastModified": "2023-11-07T04:17:26.990",
+ "lastModified": "2024-01-11T19:15:09.640",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 5.2
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -149,6 +149,10 @@
 "Patch",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39192.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39192.json
index 2420be3b9fd..2ca586f5605 100644
--- a/CVE-2023/CVE-2023-391xx/CVE-2023-39192.json
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39192.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-39192",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-09T18:15:10.233",
- "lastModified": "2023-11-07T04:17:27.423",
+ "lastModified": "2024-01-11T19:15:09.757",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 5.2
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -145,6 +145,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
index cc41f76f709..bbeb64f50ad 100644
--- a/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-39193",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-09T18:15:10.303",
- "lastModified": "2023-11-16T01:52:36.863",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:09.857",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -150,6 +150,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39194.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39194.json
index 202b464f369..accc8f0d36a 100644
--- a/CVE-2023/CVE-2023-391xx/CVE-2023-39194.json
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39194.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-39194",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-09T18:15:10.367",
- "lastModified": "2023-11-07T04:17:28.420",
+ "lastModified": "2024-01-11T19:15:10.003",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 3.6
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -180,6 +180,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
index 9c077d8ad81..aabb2e8690e 100644
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-40283",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-14T03:15:09.257",
- "lastModified": "2023-11-29T15:15:08.507",
+ "lastModified": "2024-01-11T19:15:10.930",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -166,6 +166,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20231020-0007/",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
index d0768607d39..2c5488a1153 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-42753",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-09-25T21:15:15.923",
- "lastModified": "2024-01-10T15:15:08.780",
+ "lastModified": "2024-01-11T19:15:11.010",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -209,6 +209,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://seclists.org/oss-sec/2023/q3/216",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42754.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42754.json
index 119db9411a6..c85eab3a0ba 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42754.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42754.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-42754",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-05T19:15:11.413",
- "lastModified": "2023-11-07T04:21:14.463",
+ "lastModified": "2024-01-11T19:15:11.187",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 3.6
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -171,6 +171,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
index ce27c8bed78..54bea361e68 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-42755",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-05T19:15:11.497",
- "lastModified": "2023-11-07T04:21:14.657",
+ "lastModified": "2024-01-11T19:15:11.317",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -37,7 +37,7 @@
 "impactScore": 3.6
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -70,7 +70,7 @@
 ]
 },
 {
- "source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+ "source": "secalert@redhat.com",
 "type": "Secondary",
 "description": [
 {
@@ -153,6 +153,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://seclists.org/oss-sec/2023/q3/229",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json
index a043a1bae05..6e6a4596373 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-4206",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-06T14:15:11.280",
- "lastModified": "2023-09-11T17:57:25.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:11.627",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.\n\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de use-after-free en el componente net/sched: cls_route del kernel de Linux se puede explotar para lograr una escalada de privilegios local. Cuando se llama a route4_change() en un filtro existente, toda la estructura tcf_result siempre se copia en la nueva instancia del filtro. Esto causa un problema al actualizar un filtro vinculado a una clase, ya que siempre se llama a tcf_unbind_filter() en la instancia anterior en la ruta exitosa, lo que disminuye filter_cnt de la clase a la que todav\u00eda se hace referencia y permite que se elimine, lo que lleva a un use-after-free. Recomendamos actualizar al commit anterior b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8."
 }
 ],
 "metrics": {
@@ -128,6 +132,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "source": "cve-coordination@google.com",
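Review bot: The added `es` description in the first hunk (CVE-2023-4206) renders "We recommend upgrading past commit …" as `Recomendamos actualizar al commit anterior b80b829e…`, which reads as "update to the previous commit" and so points a reader at a revision that may not contain the fix. A wording that keeps the English meaning would be `Recomendamos actualizar a una versión posterior al commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.` The `es` entries added for CVE-2023-4207 and CVE-2023-4208 have related problems: `actualizar el commit a partir de …` does not express "past", and `tcf_unbind_filter() siempre llama a la instancia antigua` turns "is always called on the old instance" into the function doing the calling. Tooling that shows the Spanish text as patch guidance should prefer the `en` value for these three records until the translations are corrected at the source.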
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json
index 4f0e55419c0..410d0beb98c 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-4207",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-06T14:15:11.453",
- "lastModified": "2023-09-11T18:13:33.030",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:11.767",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
 "value": "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nWhen fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se puede explotar una vulnerabilidad de use-after-free en el componente Linux kernel's net/sched: cls_fw para conseguir una escalada local de privilegios. Cuando se llama a fw_change() en un filtro existente, toda la estructura tcf_result se copia siempre en la nueva instancia del filtro.Esto causa un problema cuando se actualiza un filtro vinculado a una clase, ya que tcf_unbind_filter() siempre llama a la instancia antigua en la ruta de \u00e9xito, disminuyendo filter_cnt de la clase a\u00fan referenciada y permitiendo que se elimine, lo que lleva a un Use After Free. Recomendamos actualizar el commit a partir de 76e42ae831991c828cffa8c37736ebfb831ad5ec."
 }
 ],
 "metrics": {
@@ -128,6 +132,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json
index 0f7c5506267..0c4359c3e2d 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-4208",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-06T14:15:11.627",
- "lastModified": "2023-09-11T18:12:56.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:11.887",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nWhen u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Use After Free en el componente net/sched: cls_u32 del kernel de Linux puede ser explotada para conseguir una escalada local de privilegios. Cuando se llama a u32_change() en un filtro existente, toda la estructura tcf_result se copia siempre en la nueva instancia del filtro. Esto causa un problema cuando se actualiza un filtro vinculado a una clase, ya que tcf_unbind_filter() siempre llama a la instancia antigua en la ruta de \u00e9xito, disminuyendo filter_cnt de la clase a\u00fan referenciada y permitiendo que se elimine, lo que lleva a un Use After Free. Recomendamos actualizar el commit a partir de 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81."
 }
 ],
 "metrics": {
@@ -124,6 +128,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
index f5c23df908c..92fb9cb240c 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4244",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-06T14:15:11.877",
- "lastModified": "2023-10-29T02:43:23.623",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:11.990",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -139,6 +139,10 @@
 "Mailing List",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json
index ab1240e6893..14cbb3e4dba 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45863",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-14T21:15:45.233",
- "lastModified": "2023-10-19T13:12:23.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:11.420",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -83,6 +83,10 @@
 "Mailing List",
 "Patch"
 ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
index 9123e678624..f39acd50698 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45871",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-15T01:15:09.027",
- "lastModified": "2024-01-04T18:04:09.773",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:11.530",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -84,6 +84,10 @@
 "Patch"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20231110-0001/",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
index 2a8fffb6325..4af5b502978 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4622",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-06T14:15:12.193",
- "lastModified": "2023-11-29T15:15:09.750",
+ "lastModified": "2024-01-11T19:15:12.097",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -150,6 +150,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
index 2ef8adc2b5e..68cd1f8396d 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4623",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-06T14:15:12.357",
- "lastModified": "2023-11-29T15:15:09.843",
+ "lastModified": "2024-01-11T19:15:12.260",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -144,6 +144,10 @@
 "Mailing List",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json
index 84be2c35357..7947443a5ed 100644
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47890",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-08T20:15:44.453",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:01:55.777",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "pyLoad 0.5.0 es vulnerable a la carga de archivos sin restricciones."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E5A06D79-6D64-41FB-9040-17E9630DF4E9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://pyload.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "https://github.com/pyload/pyload/security/advisories/GHSA-h73m-pcfw-25h2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json
index eb037debe84..3cfd2c4381a 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4921",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2023-09-12T20:15:10.573",
- "lastModified": "2023-10-29T02:39:14.720",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-11T19:15:12.373",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -141,6 +141,10 @@
 "Mailing List",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
+ "source": "cve-coordination@google.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
index 22d2a1c8d9f..263ee2a09dd 100644
--- a/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
+++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50162",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-09T00:15:44.320",
- "lastModified": "2024-01-09T14:01:44.900",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T20:05:12.260",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Vulnerabilidad de inyecci\u00f3n SQL en EmpireCMS v7.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n DoExecSql."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:phome:empirecms:7.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E98F3E40-61C8-4876-AF5B-BA3786690439"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Teresazdy/CVE",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50253.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50253.json
index fc98b53b61f..2e97eb161b6 100644
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50253.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50253.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-50253",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-03T17:15:11.387",
- "lastModified": "2024-01-03T17:26:57.957",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-11T19:21:43.917",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist."
+ },
+ {
+ "lang": "es",
+ "value": "Laf es una plataforma de desarrollo en la nube. En el dise\u00f1o de la versi\u00f3n Laf, el registro utiliza la comunicaci\u00f3n con k8s para recuperar r\u00e1pidamente los registros del contenedor sin necesidad de almacenamiento adicional. Sin embargo, en la versi\u00f3n 1.0.0-beta.13 y anteriores, esta interfaz no verifica los permisos del pod, lo que permite a los usuarios autenticados obtener cualquier registro del pod bajo el mismo espacio de nombres a trav\u00e9s de este m\u00e9todo, obteniendo as\u00ed informaci\u00f3n confidencial impresa en los registros. Al momento de la publicaci\u00f3n, no existen versiones parcheadas conocidas."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -36,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -46,14 +80,728 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*", + "matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*", + "matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7E3D5C67-9E5C-443F-8A5D-7B8967000425" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*", + "matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*", + "matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*", + "matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*", + "matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*", + "matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:-:*:*:*:*:*:*", + "matchCriteriaId": "8FDC6F83-024F-4C40-83E0-D8AFB3FE4ABB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.1:-:*:*:*:*:*:*", + "matchCriteriaId": "5C82022C-C019-4F89-8969-C2A593F54BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.2:-:*:*:*:*:*:*", + "matchCriteriaId": "A9A51882-1741-408B-BD11-6E6B573F9F07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.4:-:*:*:*:*:*:*", + "matchCriteriaId": "9F93AD7E-4AF3-4A87-A907-E23ABEEF162F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.5:-:*:*:*:*:*:*", + "matchCriteriaId": "D86C813A-F2E7-497D-9A40-00E7011E5CFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.7:-:*:*:*:*:*:*", + "matchCriteriaId": "5478B773-5286-4275-B75F-29FC6686402C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*", + 
"matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "75F09F04-C6B9-4813-8F60-5F05B281EDEA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*", + "matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*", + "matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*", + "matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*", + "matchCriteriaId": 
"5C9B50C2-BAC7-462E-8EA9-913CF8A5F430" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*", + "matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*", + "matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*", + "matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*", + "matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*", + "matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*", + "matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*", + "matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*", + "matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*", + "matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*", + "matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*", + "matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*", + "matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*", + "matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*", + "matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*", + "matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*", + "matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*", + "matchCriteriaId": 
"78624851-5C61-4EE4-B401-46EF49369BA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*", + "matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*", + "matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*", + "matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*", + "matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*", + "matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*", + "matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E2CFA164-92C3-482E-94D2-051789C174CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*", + "matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*", + "matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*", + "matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*", + "matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*", + "matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.5:-:*:*:*:*:*:*", + "matchCriteriaId": "25AF57B0-7EAC-4D84-BE8B-C6208D7B3D8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*", + 
"matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:-:*:*:*:*:*:*", + "matchCriteriaId": "6CD79762-5AB9-436F-A14C-936C224C08C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*", + "matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*", + "matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*", + "matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*", + "matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*", + "matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*", + "matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*", + "matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*", + "matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*", + "matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*", + "matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*", + "matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*", + "matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*", + "matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*", + "matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*", + "matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*", + "matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*", + "matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*", + "matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/labring/laf/pull/1468", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51074.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51074.json index 17cdd00f3c6..a3ade47a07b 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51074.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51074.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51074", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-27T21:15:08.253", - "lastModified": "2024-01-09T15:27:57.320", + "lastModified": "2024-01-11T20:01:29.860", "vulnStatus": "Analyzed", "descriptions": [ { 
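Review bot: The added `cpeMatch` list in `configurations` ends its 1.0.0 pre-releases at `cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*`, but the record's description states that version 1.0.0-beta.13 and prior are affected, so the newest affected release has no matching entry. Because the node enumerates exact versions instead of a range, CPE-based scanners will report a 1.0.0-beta.13 deployment as not vulnerable. The list needs one more `"vulnerable": true` entry for `1.0.0:beta13` in the same form, with the `matchCriteriaId` assigned upstream. Until then, asset matching for this CVE should fall back on the affected range in the description, which also notes that no patched version existed at publication.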
@@ -21,7 +21,7 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -29,12 +29,12 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.4 } ] }, @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-787" + "value": "NVD-CWE-Other" } ] } diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51439.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51439.json index 241b237669d..b1e3530ed02 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51439.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51439.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51439", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-09T10:15:21.350", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:36:36.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -50,10 +70,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "46A0DA84-3D17-4B66-8D2A-F3508436032C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.3.0", + "versionEndExcluding": "13.3.0.13", + "matchCriteriaId": "AD077F2B-E8A3-4766-91C4-BA42747301BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.1", + "versionEndExcluding": "14.1.0.12", + "matchCriteriaId": "E256021C-A93A-4D2C-B3BA-6A26F1735418" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.2", + "versionEndExcluding": "14.2.0.9", + "matchCriteriaId": "69855C2B-0F94-45CE-A7DD-D87A4E4C608C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.3", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "E21BB537-ED57-4F27-B9C9-1E5816F2F294" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51744.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51744.json index d6098b0229c..3a56a349ef6 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51744.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51744.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51744", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-09T10:15:21.657", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:39:08.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", 
@@ -50,10 +70,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "46A0DA84-3D17-4B66-8D2A-F3508436032C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.3.0", + "versionEndExcluding": "13.3.0.13", + "matchCriteriaId": "AD077F2B-E8A3-4766-91C4-BA42747301BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.1", + "versionEndExcluding": "14.1.0.12", + "matchCriteriaId": "E256021C-A93A-4D2C-B3BA-6A26F1735418" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.2", + "versionEndExcluding": "14.2.0.9", + "matchCriteriaId": "69855C2B-0F94-45CE-A7DD-D87A4E4C608C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.3", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "E21BB537-ED57-4F27-B9C9-1E5816F2F294" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51745.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51745.json index e403079740f..dfbdc28ed9a 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51745.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51745.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51745", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-09T10:15:21.947", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:39:21.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -50,10 +70,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "46A0DA84-3D17-4B66-8D2A-F3508436032C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.3.0", + "versionEndExcluding": "13.3.0.13", + "matchCriteriaId": "AD077F2B-E8A3-4766-91C4-BA42747301BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.1", + "versionEndExcluding": "14.1.0.12", + "matchCriteriaId": "E256021C-A93A-4D2C-B3BA-6A26F1735418" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.2", + "versionEndExcluding": "14.2.0.9", + "matchCriteriaId": "69855C2B-0F94-45CE-A7DD-D87A4E4C608C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.3", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "E21BB537-ED57-4F27-B9C9-1E5816F2F294" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51746.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51746.json index a6be54e66bf..bad6a07a463 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51746.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51746.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51746", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-09T10:15:22.253", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:35:08.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -50,10 +70,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "46A0DA84-3D17-4B66-8D2A-F3508436032C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.3.0", + "versionEndExcluding": "13.3.0.13", + "matchCriteriaId": "AD077F2B-E8A3-4766-91C4-BA42747301BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.1", + "versionEndExcluding": "14.1.0.12", + "matchCriteriaId": "E256021C-A93A-4D2C-B3BA-6A26F1735418" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.2", + "versionEndExcluding": "14.2.0.9", + "matchCriteriaId": "69855C2B-0F94-45CE-A7DD-D87A4E4C608C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.3", + "versionEndExcluding": "14.3.0.6", + "matchCriteriaId": "E21BB537-ED57-4F27-B9C9-1E5816F2F294" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json new file mode 100644 index 00000000000..12df278be9a --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51780.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-51780", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T19:15:12.500", + "lastModified": "2024-01-11T19:15:12.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json new file mode 100644 index 00000000000..aa40713a031 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51781.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-51781", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T19:15:12.553", + "lastModified": "2024-01-11T19:15:12.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json new file mode 100644 index 00000000000..ad740cf1d57 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51782.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-51782", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T19:15:12.727", + "lastModified": "2024-01-11T19:15:12.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52072.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52072.json index a898faa3215..69ee5b6bd5b 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52072.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52072.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52072", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-08T22:15:45.173", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:05:45.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Se descubri\u00f3 que FlyCms v1.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /system/site/userconfig_updagte." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zouyang0714/cms/blob/main/2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52073.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52073.json index b356f518ea8..ad77b4cd3f4 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52073.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52073.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52073", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-08T22:15:45.220", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:05:37.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Se descubri\u00f3 que FlyCms v1.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /system/site/config_footer_updagte." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zouyang0714/cms/blob/main/3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52074.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52074.json index 39d8a905796..266e05cbbcb 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52074.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52074", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-08T22:15:45.267", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:05:27.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Se descubri\u00f3 que FlyCms v1.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente system/site/webconfig_updagte." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zouyang0714/cms/blob/main/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52196.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52196.json index 1c986c23833..a9f9491fb18 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52196.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52196.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52196", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:09.820", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:29:45.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ewels:cpt_bootstrap_carousel:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.12", + "matchCriteriaId": "12D4CA0A-F6B2-4EEC-BC30-D36B4326793E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cpt-bootstrap-carousel/wordpress-cpt-bootstrap-carousel-plugin-1-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52197.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52197.json index f33e004f83b..0baf1338399 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52197.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52197.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52197", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:10.040", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:07:32.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:impactpixel:ads_invalid_click_protection:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "12B99029-C75C-4E6A-93B4-42E0EC66B2A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ads-invalid-click-protection/wordpress-ads-invalid-click-protection-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52198.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52198.json index bf88a5c1e33..d94011098d3 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52198.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52198.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52198", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:10.243", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:07:27.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:michielvaneerd:private_google_calendars:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "20231125", + "matchCriteriaId": "F07FBB1F-6803-4AE5-BA57-103D6EDA7F97" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/private-google-calendars/wordpress-private-google-calendars-plugin-20231125-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json index fd16c4c933e..5347718fd74 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52200", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:44.777", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:58:01.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -54,10 +74,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.22", + "matchCriteriaId": "A0BC3A14-E3C9-40D2-A8BA-9996D059B12E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52201.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52201.json index ac97c2710f5..e22bb565c1a 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52201.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52201.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52201", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:10.443", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:07:16.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:briandgoad:ptypeconverter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.2.8.1", + "matchCriteriaId": "500DBF7E-674F-4561-8785-6E16F31104F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ptypeconverter/wordpress-ptypeconverter-plugin-0-2-8-1-subscriber-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52202.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52202.json index f7c42378aff..23d1aae3383 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52202.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52202.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52202", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T21:15:10.633", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:07:05.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:svnlabs:html5_mp3_player_with_folder_feedburner_playlist_free:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.0", + "matchCriteriaId": "186A61B0-E953-4ABD-B375-D1BDDA9AC3C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/html5-mp3-player-with-mp3-folder-feedburner-playlist/wordpress-html5-mp3-player-with-folder-feedburner-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json index 371c06ef90e..6495a54e877 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52203", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:45.010", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:58:13.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cformsii_project:cformsii:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "15.0.5", + "matchCriteriaId": "6A866F1D-87B5-462B-87B6-B74BC16FD623" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json index 6b7bee60d83..198f3baff41 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json 
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52204", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:45.263", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:58:25.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:javik:randomize:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.3", + "matchCriteriaId": "C03B9B66-907A-4850-A947-B3DBB08A688E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/randomize/wordpress-randomize-plugin-1-4-3-contributor-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json index 4e0dd9be331..dc0a3e4212a 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52205", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:45.463", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:58:36.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:svnlabs:html5_soundcloud_player_with_playlist_free:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.0", + "matchCriteriaId": "6D6661E1-F2E5-46F2-A866-343558F44951" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/html5-soundcloud-player-with-playlist/wordpress-html5-soundcloud-player-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json index 8f0279b95c8..6d0c2fccac6 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52206", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:45.680", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:58:45.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blueastral:page_builder\\:_live_composer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.25", + "matchCriteriaId": "2800C5B3-8578-4EFA-94B4-E3DFA8759596" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-25-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json index ac4bddab2de..7f84d98c277 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52208", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T19:15:09.380", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:01:44.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Constant Contact Constant Contact Forms. Este problema afecta a Constant Contact Forms: desde n/a hasta 2.4.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:constantcontact:constant_contact_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.2", + "matchCriteriaId": "7EA537FC-1525-4121-8EEA-08E837440142" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-2-4-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json index 90cb050b2b1..bb7230a4d0c 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52213", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:45.920", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:58:54.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:videowhisper:rate_star_review:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.1", + "matchCriteriaId": "2E3DEF8B-9700-4A6B-B883-319B3C8AE2F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/rate-star-review/wordpress-rate-star-review-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json index e8c0d978d01..716894b0210 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52216", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T20:15:46.173", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:59:02.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yevhenkotelnytskyi:js_\\&_css_script_optimizer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.3.3", + "matchCriteriaId": "FF748622-6ABC-43B4-AC29-D12C17CF4FF2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/js-css-script-optimizer/wordpress-js-css-script-optimizer-plugin-0-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json index fedfab0254c..74ea267c3b9 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52222", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T19:15:09.577", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:01:03.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 8.2.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.2.2", + "matchCriteriaId": "2D8C6694-0DF0-4039-B3DE-9C79F08A316F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52265.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52265.json
index 325d8b1d3fe..a05b746516a 100644
--- a/CVE-2023/CVE-2023-522xx/CVE-2023-52265.json
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52265.json
@@ -2,23 +2,86 @@ "id": "CVE-2023-52265", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-30T23:15:42.620", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:17:16.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data." + }, + { + "lang": "es", + "value": "IDURAR (aka idurar-erp-crm) hasta 2.0.1 permite XSS almacenado a trav\u00e9s de una solicitud PATCH con una plantilla de correo electr\u00f3nico JSON manipulada en los datos /api/email/update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:idurar_project:idurar:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.1", + "matchCriteriaId": "79B1E39B-AFD9-4568-9048-1313A14EDA6E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/idurar/idurar-erp-crm/compare/2.0.1...2.1.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/wbowm15/jubilant-enigma/blob/main/writeup.md", - "source": "cve@mitre.org" 
+ "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json index 05f4e433300..b296d0b90b2 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52271", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-08T20:15:46.387", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:59:26.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "El controlador del kernel wsftprm.sys 2.0.0.0 en Topaz Antifraud permite a atacantes con pocos privilegios eliminar cualquier proceso (Protected Process Light) a trav\u00e9s de un IOCTL (que se nombrar\u00e1 m\u00e1s adelante)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:topazevolution:antifraud:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.0.0", + "matchCriteriaId": "1B242D1E-47B6-4F59-89A8-6D6706213FC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://northwave-cybersecurity.com/vulnerability-notice-topaz-antifraud", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.topazevolution.com/en/antifraud/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json index f69d51741f5..0b2f80a1c13 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-5235", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:09.790", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:37:47.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks." + }, + { + "lang": "es", + "value": "El complemento Ovic Responsive WPBakery de WordPress anterior a 1.2.9 no limita qu\u00e9 opciones se pueden actualizar a trav\u00e9s de algunas de sus acciones AJAX, lo que puede permitir a atacantes con una cuenta de suscriptor+ actualizar opciones de blog, como 'users_can_register' y 'default_role'. Tambi\u00e9n deserializa la entrada del usuario en el proceso, lo que puede provocar ataques de inyecci\u00f3n de objetos." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kutethemes:ovic_responsive_wpbakery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.9", + "matchCriteriaId": "1A156192-DB1C-4DEA-94DD-10CF714DCC54" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5717.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5717.json index cd2b08787c9..a0d12920b41 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5717.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5717.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5717", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-10-25T18:17:43.913", - "lastModified": "2023-11-04T03:24:15.637", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-11T19:15:12.793", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -144,6 +144,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "cve-coordination@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json index b6372286224..e47a9859a81 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-5911", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:09.843", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:43:17.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento WP Custom Cursors | WordPress Cursor Plugin WordPress de WordPress hasta la versi\u00f3n 3.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hamidrezasepehr:wp_custom_cursors_\\|_wordpress_cursor_plugin:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2", + "matchCriteriaId": "4D9989EE-3FAC-4B74-A3CD-03EA43664E09" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/dde0767d-1dff-4261-adbe-1f3fdf2d9aae", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json index 9bf96c958b8..b5471cffdd1 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5957", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:09.890", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:44:55.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell." + }, + { + "lang": "es", + "value": "El complemento Ni Purchase Order(PO) para WooCommerce WordPress hasta 1.2.1 no valida los archivos de imagen de logotipo y firma cargados en la configuraci\u00f3n, lo que permite a un usuario con altos privilegios cargar archivos arbitrarios al servidor web, lo que desencadena una vulnerabilidad RCE al cargar un shell web." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:naziinfotech:ni_purchase_order\\(po\\)_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "DB401D2E-23A7-4A3F-A27D-983DC248779C" + } + ] 
+ } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json index 5a7a5a1ea55..d5c8a6a1b93 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6004", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-03T17:15:11.623", - "lastModified": "2024-01-10T03:15:44.120", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-11T19:18:22.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -50,22 +80,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.8.0", + "versionEndExcluding": "0.9.8", + "matchCriteriaId": "CCC06989-1635-446A-B017-0D938580165B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.10.0", + "versionEndExcluding": "0.10.6", + "matchCriteriaId": "BCB546AC-788C-422E-B6BD-756BF39BD0F5" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6004", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251110", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.libssh.org/security/advisories/CVE-2023-6004.txt", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file 
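Review bot: The reference tags added for CVE-2023-6004 look mis-assigned: the project's own advisory at `https://www.libssh.org/security/advisories/CVE-2023-6004.txt` is tagged `"Mailing List"`, while the `lists.fedoraproject.org` package-announce message is tagged `"Vendor Advisory"`. Tooling that picks the authoritative advisory by tag would select the distribution list post and skip the upstream libssh advisory. If this file mirrors an upstream record, the correction belongs there. The expected values would presumably be `"tags": ["Vendor Advisory"]` on the libssh.org URL and `"tags": ["Mailing List"]` on the Fedora list URL.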
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json
index aa7ae9f444f..bcef939a823 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json
@@ -2,19 +2,80 @@ "id": "CVE-2023-6042", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:09.937", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:57:29.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Any unauthenticated user may send e-mail from the site with any title or content to the admin" + }, + { + "lang": "es", + "value": "Cualquier usuario no autenticado puede enviar un correo electr\u00f3nico desde el sitio con cualquier t\u00edtulo o contenido al administrador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.3", + "matchCriteriaId": "90564B59-F63A-49BF-86B9-9634081EDEDF" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/56a1c050-67b5-43bc-b5b6-28d9a5a59eba", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json
index 2dc0781632b..e86538d2d6d 100644
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json
@@ -2,19 +2,80 @@ "id": "CVE-2023-6139", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:09.980", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:46:48.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks." + }, + { + "lang": "es", + "value": "El complemento Essential Real Estate de WordPress anterior a 4.4.0 no aplica comprobaciones de capacidad adecuadas en sus acciones AJAX, que, entre otras cosas, permiten a atacantes con una cuenta de suscriptor realizar ataques de denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.4.0", + "matchCriteriaId": "CB8E7130-A758-4F32-B03C-18B4B8BEB712" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/96396a22-f523-4c51-8b72-52be266988aa", - "source": 
"contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json index 990aa1341e4..c0c6e334482 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6140", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.027", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:50:08.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution." + }, + { + "lang": "es", + "value": "El complemento Essential Real Estate de WordPress anterior a 4.4.0 no impide que los usuarios con privilegios limitados en el sitio, como los suscriptores, carguen moment\u00e1neamente archivos PHP maliciosos disfrazados de archivos ZIP, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.4.0", + "matchCriteriaId": "CB8E7130-A758-4F32-B03C-18B4B8BEB712" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json index db867dcbd31..3a247d69272 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6141", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.083", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:48:22.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks." + }, + { + "lang": "es", + "value": "El complemento Essential Real Estate de WordPress anterior a 4.4.0 no aplica comprobaciones de capacidad adecuadas en sus acciones AJAX, que, entre otras cosas, permiten a atacantes con una cuenta de suscriptor realizar ataques XSS almacenados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.4.0", + "matchCriteriaId": "CB8E7130-A758-4F32-B03C-18B4B8BEB712" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/df12513b-9664-45be-8824-2924bfddf364", - "source": "contact@wpscan.com" + 
"source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json index be8e26a33b8..17d84102f45 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6161", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.137", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:56:56.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + }, + { + "lang": "es", + "value": "El complemento WP Crowdfunding de WordPress anterior a 2.1.9 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeum:wp_crowdfunding:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.9", + "matchCriteriaId": "4215EDB1-9D2E-4272-BE00-C2FEF1C09B89" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/ca7b6a39-a910-4b4f-b9cc-be444ec44942", - 
"source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json index 525af309c74..9bfd457de95 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6383", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.183", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:02:29.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data" + }, + { + "lang": "es", + "value": "El complemento Debug Log Manager de WordPress anterior a 2.3.0 contiene una vulnerabilidad de listado de directorio que le permite descargar el registro de depuraci\u00f3n sin autorizaci\u00f3n y obtener acceso a datos confidenciales." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bowo:debug_log_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.3.0", + "matchCriteriaId": "622D4D91-19A8-4BE9-9CA9-11B7AA14192C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json index 333bdb922e4..0805b6a320f 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-6505", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.230", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:02:39.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files." + }, + { + "lang": "es", + "value": "El complemento Migrate WordPress Website & Backups de WordPress anterior a 1.9.3 no impide la lista de directorios en directorios confidenciales que contienen archivos de exportaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codexonics:prime_mover:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.9.3", + "matchCriteriaId": "F11131D4-FED6-47EC-A770-630ADA0CE273" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json index 9e50020878f..43637a2b31d 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6528", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.273", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:03:00.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution." + }, + { + "lang": "es", + "value": "El complemento Slider Revolution de WordPress anterior a 6.6.19 no impide que los usuarios con al menos el rol de Autor deserialicen contenido arbitrario al importar controles deslizantes, lo que podr\u00eda provocar una ejecuci\u00f3n remota de c\u00f3digo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.6.19", + "matchCriteriaId": "2B541D44-9905-4798-9926-9ED3F69506AF" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb", - "source": 
"contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json index 8b38a4d0824..2cf37d6ab2d 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json 
@@ -2,19 +2,83 @@ "id": "CVE-2023-6529", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.320", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:03:44.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities." + }, + { + "lang": "es", + "value": "El complemento WP VR de WordPress anterior a 8.3.15 no autoriza y CSRF en una funci\u00f3n vinculada a admin_init, lo que permite a los usuarios no autenticados degradar el complemento, lo que lleva a XSS reflejado o almacenado, ya que las versiones anteriores tienen tales vulnerabilidades." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coderex:wp_vr:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.15", + "matchCriteriaId": "549C2B6D-6478-46DC-A36D-D50F50DD452F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { 
"url": "https://wpscan.com/vulnerability/c36314c1-a2c0-4816-93c9-e61f9cf7f27a", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json index d36ceda1771..6bef925dda0 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-6532", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.363", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:04:00.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + }, + { + "lang": "es", + "value": "El complemento WP Blogs' Planetarium de WordPress hasta la versi\u00f3n 1.0 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-blogs-planetarium_project:wp-blogs-planetarium:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "13415422-13A2-4914-88E1-67319F5AC5B1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://magos-securitas.com/txt/CVE-2023-6532.txt", - 
"source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/05a730bc-2d72-49e3-a608-e4390b19e97f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json index 9e5ced692dd..daef7d37fbe 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-6555", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.413", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T19:59:47.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + }, + { + "lang": "es", + "value": "El complemento Email Subscription Popup de WordPress anterior a 1.2.20 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:i13websolution:email_subscription_popup:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.20", + "matchCriteriaId": "379C94AB-5101-4A73-A205-3D3C57EC0AB4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/58803934-dbd3-422d-88e7-ebbc5e8c0886", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json index 4a3a99fbc0b..220e375b638 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6606.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6606", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-08T17:15:07.733", - "lastModified": "2023-12-12T20:18:17.807", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-11T19:15:12.910", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -140,6 +140,10 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json index 5d825fa3d58..35ef4a0cf21 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-6627", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.460", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:00:14.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site." + }, + { + "lang": "es", + "value": "El complemento WP Go Maps de WordPress (anteriormente WP Google Maps) anterior a la versi\u00f3n 9.0.28 no protege adecuadamente la mayor\u00eda de sus rutas API REST, de las que los atacantes pueden abusar para almacenar HTML/Javascript malicioso en el sitio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:basic:wordpress:*:*", + "versionEndExcluding": "9.0.28", + "matchCriteriaId": "B50E4A9E-B1C6-49B5-8EF0-F47CB7B240D3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/", - "source": "contact@wpscan.com" + "source": 
"contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json index 4e523ffeefd..78f4c2bea51 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6631", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-08T19:15:10.507", - "lastModified": "2024-01-08T20:15:46.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:01:13.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones 2020 Update 16 y anteriores de PowerSYSTEM Center contienen una vulnerabilidad que puede permitir que un usuario local autorizado inserte c\u00f3digo arbitrario en la ruta del servicio sin comillas y escale privilegios." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-428" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:subnet:powersystem_center:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "7EDB93B1-836B-47CD-8D4A-4DFF281DEC91" + } + ] + } + ] + } + ], "references": [ { "url": "https://subnet.com/contact/", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Product" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json index 4d45b042322..76fa0532441 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json 
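Review bot: In the CVE-2023-6631 `configurations` hunk (`@@ -46,14 +80,38 @@`), the only `cpeMatch` entry is `cpe:2.3:a:subnet:powersystem_center:2020:-:*:*:*:*:*:*`, which pins the update field to `-`, while the record's description says versions 2020 Update 16 and prior are affected. As written, CPE-based matching would appear to cover only the 2020 base release, so an inventory entry that carries an update level would not match this record. The configuration should cover the update levels through Update 16 (one `cpeMatch` per update, or a range if the product naming allows it); until the upstream record changes, tooling that consumes this file should also key on the description or the ICSA-23-353-01 advisory referenced in the same hunk rather than on the CPE alone.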
@@ -2,19 +2,80 @@ "id": "CVE-2023-6750", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.680", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:01:30.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path." + }, + { + "lang": "es", + "value": "El complemento Clone de WordPress anterior a 2.4.3 utiliza archivos de b\u00fafer para almacenar informaci\u00f3n de copia de seguridad en progreso, que se almacena en una ruta de archivo definida est\u00e1ticamente y de acceso p\u00fablico." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:backupbliss:clone:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.3", + "matchCriteriaId": "03FFB71C-ABDF-4056-98F4-D66F2194B4AD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/fad9eefe-4552-4d20-a1fd-bb2e172ec8d7", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + 
"Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json index e1ae787a166..bf516f9acea 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-6845", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-08T19:15:10.727", - "lastModified": "2024-01-08T19:30:06.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:01:43.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks" + }, + { + "lang": "es", + "value": "El complemento CommentTweets de WordPress hasta la versi\u00f3n 0.6 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:theresehansen:commenttweets:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.6", + "matchCriteriaId": "8B3A1E6D-76F9-49A2-83FB-167A6ABE8563" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://magos-securitas.com/txt/2023-6845", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + 
"tags": [ + "Broken Link" + ] }, { "url": "https://wpscan.com/vulnerability/cbdaf158-f277-4be4-b022-68d18dae4c55", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6921.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6921.json index d2febc37a88..5656f6eaf02 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6921.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6921.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6921", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-08T12:15:46.513", - "lastModified": "2024-01-08T15:27:36.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:57:37.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL ciega en PrestaShow Google Integrator (complemento PrestaShop) permite la extracci\u00f3n y modificaci\u00f3n de datos. Este ataque es posible mediante la inserci\u00f3n de un comando en una de las cookies." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "cvd@cert.pl", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -46,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "2.1.4", + "matchCriteriaId": "6C4DFC6A-D90C-4E43-980E-2404E45E7983" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-6921/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6931.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6931.json index 5e3e05b4cc3..f0973fff987 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6931.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6931.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6931", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-12-19T14:15:08.277", - "lastModified": "2023-12-28T17:00:59.893", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-11T19:15:13.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -114,6 +114,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "cve-coordination@google.com" } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6932.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6932.json index c1c6b5a8cf9..a599015992e 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6932.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6932.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6932", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-12-19T14:15:08.460", - "lastModified": "2023-12-28T17:00:43.243", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-11T19:15:13.150", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -114,6 +114,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", + "source": "cve-coordination@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6998.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6998.json index 890f3d9854f..9f133b92727 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6998.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6998.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6998", "sourceIdentifier": "cvd@cert.pl", "published": "2023-12-30T19:15:08.303", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:25:14.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de administraci\u00f3n de privilegios inadecuada en CoolKit Technology eWeLink en Android e iOS permite omitir la pantalla de bloqueo de la aplicaci\u00f3n. Este problema afecta a eWeLink antes de 5.2.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.2 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", 
@@ -46,18 +80,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coolkit:ewelink:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.2.0", + "matchCriteriaId": "EC7555B6-75B2-4D23-99EC-FED1D5097018" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coolkit:ewelink:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.2.0", + "matchCriteriaId": "4BD37BFB-D978-4C15-895A-5D86D064743F" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2023/12/CVE-2023-6998/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://ewelink.cc/app/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7218.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7218.json index 9a0a87070af..15a25ff5fc3 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7218.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7218.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7218", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-08T21:15:10.850", - "lastModified": "2024-01-09T14:01:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:06:57.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", + "matchCriteriaId": "1E783757-7B3B-426D-A7CB-0FEE15BA7EA7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4B88D1F1-F7A6-43D5-8DF7-E9425823C7B6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249852", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249852", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7221.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7221.json index f68ecde9305..eaa41b5c5c5 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7221.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7221.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7221", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T14:15:46.200", - "lastModified": "2024-01-09T14:55:35.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:29:07.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Totolink T6 4.1.9cu.5241_B20210923. Ha sido clasificada como cr\u00edtica. Esto afecta la funci\u00f3n main del archivo /cgi-bin/cstecgi.cgi?action=login del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento v41 provoca un desbordamiento de b\u00fafer. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249855. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:t6_firmware:4.1.9cu.5241_b20210923:*:*:*:*:*:*:*", + "matchCriteriaId": "CE727AE8-BDB0-4B4B-84CF-1C10ED04EFDC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:t6:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6FCCF9D7-710A-483D-88DD-682105586C9F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249855", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249855", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7222.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7222.json index 4445e58fbed..37a2ad99e35 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7222.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7222.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-7222", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-09T16:15:43.693", - "lastModified": "2024-01-09T19:56:14.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:32:52.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Totolink X2000R 1.0.0-B20221212.1452. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n formTmultiAP del archivo /bin/boa del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento URL de env\u00edo provoca un desbordamiento de b\u00fafer. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249856. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -71,18 +105,59 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20221212.1452:*:*:*:*:*:*:*", + "matchCriteriaId": "F5B20806-B933-4583-8196-23BB5BFF4B1E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/formTmultiAP/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249856", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249856", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0227.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0227.json new file mode 100644 index 00000000000..d7cd5ac945b --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0227.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0227", + "sourceIdentifier": "disclosure@synopsys.com", + "published": "2024-01-11T20:15:44.003", + "lastModified": "2024-01-11T20:15:44.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDevise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@synopsys.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@synopsys.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8", + "source": "disclosure@synopsys.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0321.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0321.json index 4c37a21972e..e190a786e16 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0321.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0321.json 
@@ -2,15 +2,41 @@ "id": "CVE-2024-0321", "sourceIdentifier": "security@huntr.dev", "published": "2024-01-08T13:15:09.347", - "lastModified": "2024-01-08T15:27:36.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T20:50:46.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV." + }, + { + "lang": "es", + "value": "desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el repositorio de GitHub gpac/gpac anterior a 2.3-DEV." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,8 +62,18 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +82,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.3.0-dev", + "matchCriteriaId": "F3A1B96B-3E09-4DB5-B15E-249D5E6EDEDC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0419.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0419.json new file mode 100644 index 00000000000..b9583422d17 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0419.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-0419", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-11T19:15:13.293", + "lastModified": "2024-01-11T19:15:13.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": 
"https://cxsecurity.com/issue/WLB-2024010027", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250439", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250439", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.youtube.com/watch?v=6dAWGH0-6TY", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json new file mode 100644 index 00000000000..f319809c3b7 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0422.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0422", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-11T19:15:13.750", + "lastModified": "2024-01-11T19:15:13.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + 
"lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250441", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250441", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json new file mode 100644 index 00000000000..759feb79115 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0423.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0423", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-11T20:15:44.243", + "lastModified": "2024-01-11T20:15:44.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + 
"references": [ + { + "url": "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250442", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250442", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json new file mode 100644 index 00000000000..c45bf763be9 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0424.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0424", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-11T20:15:44.473", + "lastModified": "2024-01-11T20:15:44.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + 
"references": [ + { + "url": "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250443", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250443", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0425.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0425.json new file mode 100644 index 00000000000..cb1f4388e04 --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0425.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0425", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-11T20:15:44.700", + "lastModified": "2024-01-11T20:15:44.700", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-640" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250444", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250444", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json new file mode 100644 index 00000000000..3b3031e5293 --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22196.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-22196", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-11T20:15:44.923", + "lastModified": "2024-01-11T20:15:44.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json
new file mode 100644
index 00000000000..9b69f95fd1b
--- /dev/null
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22198.json
@@ -0,0 +1,79 @@ +{ + "id": "CVE-2024-22198", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-11T20:15:45.120", + "lastModified": "2024-01-11T20:15:45.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index cffd6c2f487..5dd45adf70c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-11T19:00:35.042428+00:00 +2024-01-11T21:00:24.605863+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-11T18:59:59.720000+00:00 +2024-01-11T20:57:37.320000+00:00 ``` ### Last Data Feed Release 
@@ -29,55 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235658 +235669 ``` ### CVEs added in the last Commit Recently added CVEs: `11` -* [CVE-2023-50671](CVE-2023/CVE-2023-506xx/CVE-2023-50671.json) (`2024-01-11T17:15:08.557`) -* [CVE-2024-0411](CVE-2024/CVE-2024-04xx/CVE-2024-0411.json) (`2024-01-11T17:15:08.617`) -* [CVE-2024-0412](CVE-2024/CVE-2024-04xx/CVE-2024-0412.json) (`2024-01-11T17:15:08.843`) -* [CVE-2024-0413](CVE-2024/CVE-2024-04xx/CVE-2024-0413.json) (`2024-01-11T17:15:09.060`) -* [CVE-2024-0414](CVE-2024/CVE-2024-04xx/CVE-2024-0414.json) (`2024-01-11T17:15:09.280`) -* [CVE-2024-0415](CVE-2024/CVE-2024-04xx/CVE-2024-0415.json) (`2024-01-11T18:15:44.223`) -* [CVE-2024-0416](CVE-2024/CVE-2024-04xx/CVE-2024-0416.json) (`2024-01-11T18:15:44.460`) -* [CVE-2024-0417](CVE-2024/CVE-2024-04xx/CVE-2024-0417.json) (`2024-01-11T18:15:44.687`) -* [CVE-2024-0418](CVE-2024/CVE-2024-04xx/CVE-2024-0418.json) (`2024-01-11T18:15:44.913`) -* [CVE-2024-22197](CVE-2024/CVE-2024-221xx/CVE-2024-22197.json) (`2024-01-11T18:15:45.140`) -* [CVE-2024-22199](CVE-2024/CVE-2024-221xx/CVE-2024-22199.json) (`2024-01-11T18:15:45.327`) +* [CVE-2023-51780](CVE-2023/CVE-2023-517xx/CVE-2023-51780.json) (`2024-01-11T19:15:12.500`) +* [CVE-2023-51781](CVE-2023/CVE-2023-517xx/CVE-2023-51781.json) (`2024-01-11T19:15:12.553`) +* [CVE-2023-51782](CVE-2023/CVE-2023-517xx/CVE-2023-51782.json) (`2024-01-11T19:15:12.727`) +* [CVE-2024-0419](CVE-2024/CVE-2024-04xx/CVE-2024-0419.json) (`2024-01-11T19:15:13.293`) +* [CVE-2024-0422](CVE-2024/CVE-2024-04xx/CVE-2024-0422.json) (`2024-01-11T19:15:13.750`) +* [CVE-2024-0227](CVE-2024/CVE-2024-02xx/CVE-2024-0227.json) (`2024-01-11T20:15:44.003`) +* [CVE-2024-0423](CVE-2024/CVE-2024-04xx/CVE-2024-0423.json) (`2024-01-11T20:15:44.243`) +* [CVE-2024-0424](CVE-2024/CVE-2024-04xx/CVE-2024-0424.json) (`2024-01-11T20:15:44.473`) +* 
[CVE-2024-0425](CVE-2024/CVE-2024-04xx/CVE-2024-0425.json) (`2024-01-11T20:15:44.700`) +* [CVE-2024-22196](CVE-2024/CVE-2024-221xx/CVE-2024-22196.json) (`2024-01-11T20:15:44.923`) +* [CVE-2024-22198](CVE-2024/CVE-2024-221xx/CVE-2024-22198.json) (`2024-01-11T20:15:45.120`) ### CVEs modified in the last Commit -Recently modified CVEs: `94` - -* [CVE-2023-7212](CVE-2023/CVE-2023-72xx/CVE-2023-7212.json) (`2024-01-11T18:13:57.037`) -* [CVE-2023-52190](CVE-2023/CVE-2023-521xx/CVE-2023-52190.json) (`2024-01-11T18:25:28.347`) -* [CVE-2023-5880](CVE-2023/CVE-2023-58xx/CVE-2023-5880.json) (`2024-01-11T18:26:04.750`) -* [CVE-2023-1032](CVE-2023/CVE-2023-10xx/CVE-2023-1032.json) (`2024-01-11T18:39:42.960`) -* [CVE-2023-52225](CVE-2023/CVE-2023-522xx/CVE-2023-52225.json) (`2024-01-11T18:42:30.967`) -* [CVE-2023-52219](CVE-2023/CVE-2023-522xx/CVE-2023-52219.json) (`2024-01-11T18:43:08.093`) -* [CVE-2023-52218](CVE-2023/CVE-2023-522xx/CVE-2023-52218.json) (`2024-01-11T18:43:19.067`) -* [CVE-2023-52215](CVE-2023/CVE-2023-522xx/CVE-2023-52215.json) (`2024-01-11T18:43:31.300`) -* [CVE-2023-52207](CVE-2023/CVE-2023-522xx/CVE-2023-52207.json) (`2024-01-11T18:59:59.720`) -* [CVE-2024-22087](CVE-2024/CVE-2024-220xx/CVE-2024-22087.json) (`2024-01-11T17:03:51.967`) -* [CVE-2024-22086](CVE-2024/CVE-2024-220xx/CVE-2024-22086.json) (`2024-01-11T17:04:07.660`) -* [CVE-2024-22051](CVE-2024/CVE-2024-220xx/CVE-2024-22051.json) (`2024-01-11T17:07:05.660`) -* [CVE-2024-21647](CVE-2024/CVE-2024-216xx/CVE-2024-21647.json) (`2024-01-11T17:31:54.497`) -* [CVE-2024-21645](CVE-2024/CVE-2024-216xx/CVE-2024-21645.json) (`2024-01-11T17:32:30.503`) -* [CVE-2024-21644](CVE-2024/CVE-2024-216xx/CVE-2024-21644.json) (`2024-01-11T17:33:09.870`) -* [CVE-2024-0322](CVE-2024/CVE-2024-03xx/CVE-2024-0322.json) (`2024-01-11T17:36:34.290`) -* [CVE-2024-21909](CVE-2024/CVE-2024-219xx/CVE-2024-21909.json) (`2024-01-11T17:50:23.563`) -* [CVE-2024-21747](CVE-2024/CVE-2024-217xx/CVE-2024-21747.json) 
(`2024-01-11T18:45:06.960`) -* [CVE-2024-21745](CVE-2024/CVE-2024-217xx/CVE-2024-21745.json) (`2024-01-11T18:45:19.053`) -* [CVE-2024-21744](CVE-2024/CVE-2024-217xx/CVE-2024-21744.json) (`2024-01-11T18:45:53.040`) -* [CVE-2024-21650](CVE-2024/CVE-2024-216xx/CVE-2024-21650.json) (`2024-01-11T18:46:08.260`) -* [CVE-2024-0301](CVE-2024/CVE-2024-03xx/CVE-2024-0301.json) (`2024-01-11T18:50:32.310`) -* [CVE-2024-0302](CVE-2024/CVE-2024-03xx/CVE-2024-0302.json) (`2024-01-11T18:52:04.270`) -* [CVE-2024-0304](CVE-2024/CVE-2024-03xx/CVE-2024-0304.json) (`2024-01-11T18:53:13.737`) -* [CVE-2024-0303](CVE-2024/CVE-2024-03xx/CVE-2024-0303.json) (`2024-01-11T18:58:18.753`) +Recently modified CVEs: `97` + +* [CVE-2023-6532](CVE-2023/CVE-2023-65xx/CVE-2023-6532.json) (`2024-01-11T20:04:00.773`) +* [CVE-2023-36916](CVE-2023/CVE-2023-369xx/CVE-2023-36916.json) (`2024-01-11T20:04:33.690`) +* [CVE-2023-26998](CVE-2023/CVE-2023-269xx/CVE-2023-26998.json) (`2024-01-11T20:04:56.533`) +* [CVE-2023-50162](CVE-2023/CVE-2023-501xx/CVE-2023-50162.json) (`2024-01-11T20:05:12.260`) +* [CVE-2023-52074](CVE-2023/CVE-2023-520xx/CVE-2023-52074.json) (`2024-01-11T20:05:27.817`) +* [CVE-2023-52073](CVE-2023/CVE-2023-520xx/CVE-2023-52073.json) (`2024-01-11T20:05:37.137`) +* [CVE-2023-52072](CVE-2023/CVE-2023-520xx/CVE-2023-52072.json) (`2024-01-11T20:05:45.403`) +* [CVE-2023-7218](CVE-2023/CVE-2023-72xx/CVE-2023-7218.json) (`2024-01-11T20:06:57.847`) +* [CVE-2023-52202](CVE-2023/CVE-2023-522xx/CVE-2023-52202.json) (`2024-01-11T20:07:05.607`) +* [CVE-2023-52201](CVE-2023/CVE-2023-522xx/CVE-2023-52201.json) (`2024-01-11T20:07:16.220`) +* [CVE-2023-52198](CVE-2023/CVE-2023-521xx/CVE-2023-52198.json) (`2024-01-11T20:07:27.050`) +* [CVE-2023-52197](CVE-2023/CVE-2023-521xx/CVE-2023-52197.json) (`2024-01-11T20:07:32.690`) +* [CVE-2023-36915](CVE-2023/CVE-2023-369xx/CVE-2023-36915.json) (`2024-01-11T20:09:31.473`) +* [CVE-2023-52265](CVE-2023/CVE-2023-522xx/CVE-2023-52265.json) (`2024-01-11T20:17:16.273`) +* 
[CVE-2023-26999](CVE-2023/CVE-2023-269xx/CVE-2023-26999.json) (`2024-01-11T20:19:49.153`) +* [CVE-2023-6998](CVE-2023/CVE-2023-69xx/CVE-2023-6998.json) (`2024-01-11T20:25:14.163`) +* [CVE-2023-7221](CVE-2023/CVE-2023-72xx/CVE-2023-7221.json) (`2024-01-11T20:29:07.103`) +* [CVE-2023-52196](CVE-2023/CVE-2023-521xx/CVE-2023-52196.json) (`2024-01-11T20:29:45.240`) +* [CVE-2023-7222](CVE-2023/CVE-2023-72xx/CVE-2023-7222.json) (`2024-01-11T20:32:52.540`) +* [CVE-2023-51746](CVE-2023/CVE-2023-517xx/CVE-2023-51746.json) (`2024-01-11T20:35:08.503`) +* [CVE-2023-51439](CVE-2023/CVE-2023-514xx/CVE-2023-51439.json) (`2024-01-11T20:36:36.063`) +* [CVE-2023-51744](CVE-2023/CVE-2023-517xx/CVE-2023-51744.json) (`2024-01-11T20:39:08.490`) +* [CVE-2023-51745](CVE-2023/CVE-2023-517xx/CVE-2023-51745.json) (`2024-01-11T20:39:21.337`) +* [CVE-2023-6921](CVE-2023/CVE-2023-69xx/CVE-2023-6921.json) (`2024-01-11T20:57:37.320`) +* [CVE-2024-0321](CVE-2024/CVE-2024-03xx/CVE-2024-0321.json) (`2024-01-11T20:50:46.433`) ## Download and Usage