admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-13T16:00:24.418019+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-13 16:00:28 +00:00
parent 4dc017fb6b
commit 00f963b994
44 changed files with 2969 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
CVE-2020/CVE-2020-276xx/CVE-2020-27630.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2020-27630",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T17:15:10.403",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:12:41.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random."
},
{
"lang": "es",
"value": "En Silicon Labs uC/TCP-IP 3.6.0, los ISN de TCP son incorrectamente aleatorios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:uc\\/tcp-ip:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB14A30E-C539-49BE-98BB-4CDA95746BDC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.forescout.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2020/CVE-2020-276xx/CVE-2020-27631.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2020-27631",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T17:15:10.453",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:12:44.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random."
},
{
"lang": "es",
"value": "En Oryx CycloneTCP 1.9.6, los ISN de TCP son incorrectamente aleatorios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27B25BA9-7220-47EA-98F0-128A5462815A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.forescout.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2020/CVE-2020-276xx/CVE-2020-27633.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2020-27633",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T17:15:10.607",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:12:35.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In FNET 4.6.3, TCP ISNs are improperly random."
},
{
"lang": "es",
"value": "En FNET 4.6.3, los ISN de TCP son incorrectamente aleatorios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:butok:fnet:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "94C5BC14-6C70-4847-AE23-D6417CD2C3A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.forescout.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2020/CVE-2020-276xx/CVE-2020-27634.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2020-27634",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T17:15:10.657",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:12:30.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Contiki 4.5, TCP ISNs are improperly random."
},
{
"lang": "es",
"value": "En Contiki 4.5, los ISN de TCP son incorrectamente aleatorios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93EA8725-2367-4899-96B6-5B4419C9B3DB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.forescout.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2020/CVE-2020-276xx/CVE-2020-27636.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2020-27636",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T17:15:10.753",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:12:19.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random."
},
{
"lang": "es",
"value": "En Microchip MPLAB Net 3.6.1, los ISN de TCP son incorrectamente aleatorios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microchip:mplab_network_creator:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5638620-DB79-4F31-AE15-F0F23382D658"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.forescout.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2021/CVE-2021-278xx/CVE-2021-27852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-27852",
"sourceIdentifier": "cret@cert.org",
"published": "2021-05-27T21:15:20.567",
"lastModified": "2021-06-08T02:17:22.947",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-13T15:15:43.783",
"vulnStatus": "Modified",
"cisaExploitAdd": "2022-04-11",
"cisaActionDue": "2022-05-02",
"cisaRequiredAction": "Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.",
@ -97,16 +97,6 @@
"value": "CWE-502"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [

64
CVE-2023/CVE-2023-258xx/CVE-2023-25822.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T14:15:10.547",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:01:57.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reportportal:reportportal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2",
"matchCriteriaId": "FA457CC7-2162-45F4-9242-627E4834CB40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reportportal:service-api:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "F2404BAD-E6F4-4CC7-BCD6-4F9FB004CA68"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/reportportal/reportportal/releases/tag/v23.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/reportportal/reportportal/security/advisories/GHSA-mj24-gpw7-23m9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://reportportal.io/docs/releases/Version23.2/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}
]
}

71
CVE-2023/CVE-2023-308xx/CVE-2023-30802.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30802",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:09.880",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:00:09.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall es vulnerable a una vulnerabilidad de divulgaci\u00f3n del c\u00f3digo fuente. Un atacante remoto y no autenticado puede obtener el c\u00f3digo fuente PHP enviando una solicitud HTTP con un campo Content-Length no v\u00e1lido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F"
}
]
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
]
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-source",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-308xx/CVE-2023-30803.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30803",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:09.957",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T14:59:30.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto y no autenticado puede omitir la autenticaci\u00f3n y acceder a la funcionalidad administrativa enviando solicitudes HTTP utilizando un encabezado Y-forward-for manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F"
}
]
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
]
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-308xx/CVE-2023-30804.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30804",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:10.033",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T14:58:48.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de divulgaci\u00f3n de archivos autenticados. Un atacante remoto y autenticado puede leer archivos arbitrarios del sistema utilizando el endpoint svpn_html/loadfile.php. Este problema puede ser aprovechado por un atacante remoto y no autenticado cuando se combina con CVE-2023-30803."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F"
}
]
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
]
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-308xx/CVE-2023-30805.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30805",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:10.107",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T14:57:34.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the \"un\" parameter.\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n NGAF8.0.17 de Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios enviando una solicitud HTTP POST manipulada al endpoint /LogInOut.php. Esto se debe a un mal manejo de los metacaracteres del shell en el par\u00e1metro \"un\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F"
}
]
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
]
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-username-rce",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-308xx/CVE-2023-30806.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30806",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:10.170",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:00:30.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n NGAF8.0.17 de Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios enviando una solicitud HTTP POST manipulada al endpoint /cgi-bin/login.cgi. Esto se debe a un mal manejo de los metacaracteres del shell en la cookie PHPSESSID."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:ngaf8.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EDCE7CFB-D534-49FC-BAA2-C64A4A6F4630"
}
]
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
]
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33301.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33301",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:11.217",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:44:04.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en Fortinet FortiOS 7.2.0 - 7.2.4 y 7.4.0 permite a un atacante acceder a un recurso restringido desde un host no confiable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,49 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.4",
"matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-139",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-333xx/CVE-2023-33303.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-33303",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-13T15:15:43.930",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-007",
"source": "psirt@fortinet.com"
}
]
}

5
CVE-2023/CVE-2023-34xx/CVE-2023-3470.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3470",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-08-02T16:15:10.837",
"lastModified": "2023-08-07T19:48:56.370",
"lastModified": "2023-10-13T14:14:59.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-521"
"value": "CWE-287"
}
]
},
@ -78,7 +78,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

109
CVE-2023/CVE-2023-365xx/CVE-2023-36567.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36567",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.260",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:15:32.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Deployment Services Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Windows Deployment Services"
}
],
"metrics": {
@ -34,10 +38,109 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "5B5FFA9D-5BA5-484B-9DC9-5BC048166C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-365xx/CVE-2023-36568.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36568",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.323",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:10:58.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Office Click-To-Run"
}
],
"metrics": {
@ -34,10 +38,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-365xx/CVE-2023-36569.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36569",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.387",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:10:30.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Office"
}
],
"metrics": {
@ -34,10 +38,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36572.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36572",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.573",
"lastModified": "2023-10-10T18:21:15.910",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:09:29.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36573.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36573",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.637",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:09:02.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36574.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36574",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.697",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:19:55.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36575.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36575",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.757",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:19:13.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-365xx/CVE-2023-36576.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36576",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.823",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:18:36.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del kernel de Windows"
}
],
"metrics": {
@ -34,10 +38,89 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "5B5FFA9D-5BA5-484B-9DC9-5BC048166C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-365xx/CVE-2023-36577.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36577",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.887",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:17:39.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"metrics": {
@ -34,10 +38,109 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "5B5FFA9D-5BA5-484B-9DC9-5BC048166C70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36578.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36578",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:13.950",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:16:40.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-365xx/CVE-2023-36579.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36579",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-10T18:15:14.027",
"lastModified": "2023-10-10T18:21:10.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:16:06.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft Message Queuing"
}
],
"metrics": {
@ -34,10 +38,115 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20232",
"matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6351",
"matchCriteriaId": "2D523568-3488-439B-B008-025E99213147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4974",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19041.3570",
"matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3570",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2538",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2428",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-393xx/CVE-2023-39323.json
View File

@ -2,31 +2,109 @@
"id": "CVE-2023-39323",
"sourceIdentifier": "security@golang.org",
"published": "2023-10-05T21:15:11.283",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:03:42.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex."
},
{
"lang": "es",
"value": "Las directivas de l\u00ednea (\"//line\") se pueden utilizar para evitar las restricciones de las directivas \"//go:cgo_\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilaci\u00f3n. Esto puede provocar la ejecuci\u00f3n inesperada de c\u00f3digo arbitrario al ejecutar \"go build\". La directiva de l\u00ednea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente m\u00e1s complejo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.9",
"matchCriteriaId": "84851C3D-3035-457E-96D9-48E219817D58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0",
"versionEndExcluding": "1.21.2",
"matchCriteriaId": "7381A279-81EB-48D9-8065-C733FA8736B8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/533215",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/63211",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2095",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-416xx/CVE-2023-41680.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41680",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-13T15:15:44.000",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-311",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-416xx/CVE-2023-41681.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41681",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-13T15:15:44.060",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-311",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-416xx/CVE-2023-41682.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41682",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-13T15:15:44.123",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-280",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-418xx/CVE-2023-41836.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41836",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-13T15:15:44.183",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-215",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-418xx/CVE-2023-41843.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-41843",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-13T15:15:44.243",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-273",
"source": "psirt@fortinet.com"
}
]
}

123
CVE-2023/CVE-2023-427xx/CVE-2023-42787.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42787",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.930",
"lastModified": "2023-10-10T17:52:09.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:04:19.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A client-side enforcement of server-side security [CWE-602] vulnerability\u00a0in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution."
},
{
"lang": "es",
"value": "Una vulnerabilidad de aplicaci\u00f3n de seguridad del lado del servidor [CWE-602] en Fortinet FortiManager versi\u00f3n 7.4.0 y anteriores a 7.2.3 y FortiAnalyzer versi\u00f3n 7.4.0 y anteriores a 7.2.3 puede permitir que un atacante remoto con privilegios bajos acceda a una consola web privilegiada a trav\u00e9s de la ejecuci\u00f3n de c\u00f3digo del lado del cliente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,103 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.12",
"matchCriteriaId": "285EC81A-34F0-4153-82DE-6A49C05EB240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.13",
"matchCriteriaId": "56D6A507-5B18-4F62-9B08-98122FB2F23B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "CCE23C15-B42C-48DF-9435-27D5143F0B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.12",
"matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.13",
"matchCriteriaId": "B632AF2E-739B-4EBA-8780-8AE999C62F3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "FA1523A4-BC32-4618-897D-9B5709512FBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-187",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

123
CVE-2023/CVE-2023-427xx/CVE-2023-42788.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42788",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.987",
"lastModified": "2023-10-10T17:52:09.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:22:01.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command"
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') [CWE-78] en FortiManager y FortiAnalyzer versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3, versi\u00f3n 7.0.0 a 7.0.8 , las versiones 6.4.0 a 6.4.12 y 6.2.0 a 6.2.11 pueden permitir que un atacante local con privilegios bajos ejecute c\u00f3digo no autorizado a trav\u00e9s de argumentos espec\u00edficamente manipulados para un comando CLI"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,103 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.11",
"matchCriteriaId": "AB37EC26-3458-4AB4-91E5-58B75E587F64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.12",
"matchCriteriaId": "041E0C3F-E9B6-46E3-87D4-718FAC0C024E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.8",
"matchCriteriaId": "8B74F415-4705-4923-945F-CB393326F78D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.11",
"matchCriteriaId": "67777F42-09E1-4651-807C-325A5F0D8A66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.12",
"matchCriteriaId": "0FC51DD4-5232-41CD-B85A-8AF8DB74A322"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.8",
"matchCriteriaId": "7AEFC8D4-6358-4A81-BCF3-D162871F59F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-167",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-432xx/CVE-2023-43269.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-43269",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T22:15:12.180",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:03:11.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que pigcms hasta 7.0 conten\u00eda una vulnerabilidad de carga de archivos arbitraria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pigcms:pigcms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0",
"matchCriteriaId": "5B166487-B720-460E-9B21-D50037AD4BE5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pwnero/vul/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

55
CVE-2023/CVE-2023-451xx/CVE-2023-45109.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45109",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T14:15:10.193",
"lastModified": "2023-10-13T14:44:03.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <=\u00a01.1.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/white-page-publication/wordpress-whitepage-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-452xx/CVE-2023-45267.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45267",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T15:15:44.310",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <=\u00a02.2.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-452xx/CVE-2023-45268.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45268",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T15:15:44.383",
"lastModified": "2023-10-13T15:20:17.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=\u00a05.86 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

73
CVE-2023/CVE-2023-452xx/CVE-2023-45282.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45282",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T19:15:12.950",
"lastModified": "2023-10-12T16:15:12.167",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-13T14:42:00.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "En NASA Open MCT (tambi\u00e9n conocido como openmct) 2.2.5 anterior a 545a177, la contaminaci\u00f3n del prototipo puede ocurrir mediante una acci\u00f3n de importaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nasa:openmct:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "110C12F8-84AF-42E1-9D25-B34D4EECB67F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://nasa.github.io/openmct/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-453xx/CVE-2023-45391.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45391",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T14:15:10.587",
"lastModified": "2023-10-13T14:44:03.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-stored-xss.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-453xx/CVE-2023-45393.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45393",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T14:15:10.847",
"lastModified": "2023-10-13T14:44:03.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie."
}
],
"metrics": {},
"references": [
{
"url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-idor.html",
"source": "cve@mitre.org"
}
]
}

70
CVE-2023/CVE-2023-52xx/CVE-2023-5232.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-5232",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-28T05:15:46.437",
"lastModified": "2023-09-28T12:44:04.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:07:51.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Font Awesome More Icons para WordPress es vulnerable a Cross-Site Scripting almacenado, a trav\u00e9s del c\u00f3digo abreviado de 'icon' en versiones hasta la 3.5 incluida, debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +68,50 @@
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webguysaz:font_awesome_more_icons:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5",
"matchCriteriaId": "B184AAE1-3B85-4EE7-9539-BAE5F7F5612C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/font-awesome-more-icons/tags/3.5/plugin.php#L82",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15947764-a070-4715-bd44-cb79b62ed59d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-55xx/CVE-2023-5520.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5520",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-11T12:15:11.857",
"lastModified": "2023-10-11T12:54:05.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-13T15:13:36.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2."
},
{
"lang": "es",
"value": "Fuera de los L\u00edmites Le\u00eddo en el repositorio de GitHub gpac/gpac anterior a 2.2.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.2",
"matchCriteriaId": "DBF31B7B-F4C7-40C0-9245-09FECA1A8164"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

89
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-13T14:00:24.644716+00:00
2023-10-13T16:00:24.418019+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-13T13:46:47.010000+00:00
2023-10-13T15:44:04.660000+00:00
```
### Last Data Feed Release
@ -29,62 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227755
227766
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `11`
* [CVE-2023-39999](CVE-2023/CVE-2023-399xx/CVE-2023-39999.json) (`2023-10-13T12:15:09.970`)
* [CVE-2023-43079](CVE-2023/CVE-2023-430xx/CVE-2023-43079.json) (`2023-10-13T12:15:10.077`)
* [CVE-2023-29464](CVE-2023/CVE-2023-294xx/CVE-2023-29464.json) (`2023-10-13T13:15:11.453`)
* [CVE-2023-39960](CVE-2023/CVE-2023-399xx/CVE-2023-39960.json) (`2023-10-13T13:15:11.560`)
* [CVE-2023-45107](CVE-2023/CVE-2023-451xx/CVE-2023-45107.json) (`2023-10-13T13:15:11.663`)
* [CVE-2023-45108](CVE-2023/CVE-2023-451xx/CVE-2023-45108.json) (`2023-10-13T13:15:11.750`)
* [CVE-2023-45130](CVE-2023/CVE-2023-451xx/CVE-2023-45130.json) (`2023-10-13T13:15:11.827`)
* [CVE-2023-45162](CVE-2023/CVE-2023-451xx/CVE-2023-45162.json) (`2023-10-13T13:15:11.910`)
* [CVE-2023-45463](CVE-2023/CVE-2023-454xx/CVE-2023-45463.json) (`2023-10-13T13:15:11.987`)
* [CVE-2023-45464](CVE-2023/CVE-2023-454xx/CVE-2023-45464.json) (`2023-10-13T13:15:12.043`)
* [CVE-2023-45465](CVE-2023/CVE-2023-454xx/CVE-2023-45465.json) (`2023-10-13T13:15:12.093`)
* [CVE-2023-45466](CVE-2023/CVE-2023-454xx/CVE-2023-45466.json) (`2023-10-13T13:15:12.147`)
* [CVE-2023-45467](CVE-2023/CVE-2023-454xx/CVE-2023-45467.json) (`2023-10-13T13:15:12.203`)
* [CVE-2023-45468](CVE-2023/CVE-2023-454xx/CVE-2023-45468.json) (`2023-10-13T13:15:12.253`)
* [CVE-2023-4517](CVE-2023/CVE-2023-45xx/CVE-2023-4517.json) (`2023-10-13T13:15:12.443`)
* [CVE-2023-4829](CVE-2023/CVE-2023-48xx/CVE-2023-4829.json) (`2023-10-13T13:15:12.523`)
* [CVE-2023-4995](CVE-2023/CVE-2023-49xx/CVE-2023-4995.json) (`2023-10-13T13:15:12.607`)
* [CVE-2023-5240](CVE-2023/CVE-2023-52xx/CVE-2023-5240.json) (`2023-10-13T13:15:12.693`)
* [CVE-2023-45109](CVE-2023/CVE-2023-451xx/CVE-2023-45109.json) (`2023-10-13T14:15:10.193`)
* [CVE-2023-45391](CVE-2023/CVE-2023-453xx/CVE-2023-45391.json) (`2023-10-13T14:15:10.587`)
* [CVE-2023-45393](CVE-2023/CVE-2023-453xx/CVE-2023-45393.json) (`2023-10-13T14:15:10.847`)
* [CVE-2023-33303](CVE-2023/CVE-2023-333xx/CVE-2023-33303.json) (`2023-10-13T15:15:43.930`)
* [CVE-2023-41680](CVE-2023/CVE-2023-416xx/CVE-2023-41680.json) (`2023-10-13T15:15:44.000`)
* [CVE-2023-41681](CVE-2023/CVE-2023-416xx/CVE-2023-41681.json) (`2023-10-13T15:15:44.060`)
* [CVE-2023-41682](CVE-2023/CVE-2023-416xx/CVE-2023-41682.json) (`2023-10-13T15:15:44.123`)
* [CVE-2023-41836](CVE-2023/CVE-2023-418xx/CVE-2023-41836.json) (`2023-10-13T15:15:44.183`)
* [CVE-2023-41843](CVE-2023/CVE-2023-418xx/CVE-2023-41843.json) (`2023-10-13T15:15:44.243`)
* [CVE-2023-45267](CVE-2023/CVE-2023-452xx/CVE-2023-45267.json) (`2023-10-13T15:15:44.310`)
* [CVE-2023-45268](CVE-2023/CVE-2023-452xx/CVE-2023-45268.json) (`2023-10-13T15:15:44.383`)
### CVEs modified in the last Commit
Recently modified CVEs: `56`
Recently modified CVEs: `32`
* [CVE-2023-44194](CVE-2023/CVE-2023-441xx/CVE-2023-44194.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44195](CVE-2023/CVE-2023-441xx/CVE-2023-44195.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44196](CVE-2023/CVE-2023-441xx/CVE-2023-44196.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44197](CVE-2023/CVE-2023-441xx/CVE-2023-44197.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44198](CVE-2023/CVE-2023-441xx/CVE-2023-44198.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44199](CVE-2023/CVE-2023-441xx/CVE-2023-44199.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44201](CVE-2023/CVE-2023-442xx/CVE-2023-44201.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44203](CVE-2023/CVE-2023-442xx/CVE-2023-44203.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-44204](CVE-2023/CVE-2023-442xx/CVE-2023-44204.json) (`2023-10-13T12:47:39.540`)
* [CVE-2023-23632](CVE-2023/CVE-2023-236xx/CVE-2023-23632.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-5562](CVE-2023/CVE-2023-55xx/CVE-2023-5562.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-45510](CVE-2023/CVE-2023-455xx/CVE-2023-45510.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-45511](CVE-2023/CVE-2023-455xx/CVE-2023-45511.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-27316](CVE-2023/CVE-2023-273xx/CVE-2023-27316.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-22392](CVE-2023/CVE-2023-223xx/CVE-2023-22392.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-36839](CVE-2023/CVE-2023-368xx/CVE-2023-36839.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-36841](CVE-2023/CVE-2023-368xx/CVE-2023-36841.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-36843](CVE-2023/CVE-2023-368xx/CVE-2023-36843.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-41261](CVE-2023/CVE-2023-412xx/CVE-2023-41261.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-41262](CVE-2023/CVE-2023-412xx/CVE-2023-41262.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-41263](CVE-2023/CVE-2023-412xx/CVE-2023-41263.json) (`2023-10-13T12:47:48.873`)
* [CVE-2023-5498](CVE-2023/CVE-2023-54xx/CVE-2023-5498.json) (`2023-10-13T12:54:51.443`)
* [CVE-2023-43787](CVE-2023/CVE-2023-437xx/CVE-2023-43787.json) (`2023-10-13T13:18:05.560`)
* [CVE-2023-5488](CVE-2023/CVE-2023-54xx/CVE-2023-5488.json) (`2023-10-13T13:22:54.483`)
* [CVE-2023-43786](CVE-2023/CVE-2023-437xx/CVE-2023-43786.json) (`2023-10-13T13:26:45.497`)
* [CVE-2023-45282](CVE-2023/CVE-2023-452xx/CVE-2023-45282.json) (`2023-10-13T14:42:00.880`)
* [CVE-2023-30805](CVE-2023/CVE-2023-308xx/CVE-2023-30805.json) (`2023-10-13T14:57:34.343`)
* [CVE-2023-30804](CVE-2023/CVE-2023-308xx/CVE-2023-30804.json) (`2023-10-13T14:58:48.373`)
* [CVE-2023-30803](CVE-2023/CVE-2023-308xx/CVE-2023-30803.json) (`2023-10-13T14:59:30.843`)
* [CVE-2023-30802](CVE-2023/CVE-2023-308xx/CVE-2023-30802.json) (`2023-10-13T15:00:09.473`)
* [CVE-2023-30806](CVE-2023/CVE-2023-308xx/CVE-2023-30806.json) (`2023-10-13T15:00:30.383`)
* [CVE-2023-25822](CVE-2023/CVE-2023-258xx/CVE-2023-25822.json) (`2023-10-13T15:01:57.210`)
* [CVE-2023-43269](CVE-2023/CVE-2023-432xx/CVE-2023-43269.json) (`2023-10-13T15:03:11.810`)
* [CVE-2023-39323](CVE-2023/CVE-2023-393xx/CVE-2023-39323.json) (`2023-10-13T15:03:42.950`)
* [CVE-2023-42787](CVE-2023/CVE-2023-427xx/CVE-2023-42787.json) (`2023-10-13T15:04:19.727`)
* [CVE-2023-5232](CVE-2023/CVE-2023-52xx/CVE-2023-5232.json) (`2023-10-13T15:07:51.423`)
* [CVE-2023-36573](CVE-2023/CVE-2023-365xx/CVE-2023-36573.json) (`2023-10-13T15:09:02.467`)
* [CVE-2023-36572](CVE-2023/CVE-2023-365xx/CVE-2023-36572.json) (`2023-10-13T15:09:29.557`)
* [CVE-2023-36569](CVE-2023/CVE-2023-365xx/CVE-2023-36569.json) (`2023-10-13T15:10:30.050`)
* [CVE-2023-36568](CVE-2023/CVE-2023-365xx/CVE-2023-36568.json) (`2023-10-13T15:10:58.450`)
* [CVE-2023-5520](CVE-2023/CVE-2023-55xx/CVE-2023-5520.json) (`2023-10-13T15:13:36.757`)
* [CVE-2023-36567](CVE-2023/CVE-2023-365xx/CVE-2023-36567.json) (`2023-10-13T15:15:32.337`)
* [CVE-2023-36579](CVE-2023/CVE-2023-365xx/CVE-2023-36579.json) (`2023-10-13T15:16:06.637`)
* [CVE-2023-36578](CVE-2023/CVE-2023-365xx/CVE-2023-36578.json) (`2023-10-13T15:16:40.177`)
* [CVE-2023-36577](CVE-2023/CVE-2023-365xx/CVE-2023-36577.json) (`2023-10-13T15:17:39.077`)
* [CVE-2023-36576](CVE-2023/CVE-2023-365xx/CVE-2023-36576.json) (`2023-10-13T15:18:36.740`)
* [CVE-2023-36575](CVE-2023/CVE-2023-365xx/CVE-2023-36575.json) (`2023-10-13T15:19:13.637`)
* [CVE-2023-36574](CVE-2023/CVE-2023-365xx/CVE-2023-36574.json) (`2023-10-13T15:19:55.470`)
* [CVE-2023-42788](CVE-2023/CVE-2023-427xx/CVE-2023-42788.json) (`2023-10-13T15:22:01.607`)
* [CVE-2023-33301](CVE-2023/CVE-2023-333xx/CVE-2023-33301.json) (`2023-10-13T15:44:04.660`)
## Download and Usage