admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-26T18:00:25.251929+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-26 18:00:29 +00:00
parent be258b3f4a
commit 0a8bedf7eb
17 changed files with 1161 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-354xx/CVE-2020-35466.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-35466",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-15T23:15:13.263",
"lastModified": "2020-12-17T17:42:07.280",
"lastModified": "2023-09-26T17:46:20.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackfire:blackfire:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:blackfire:blackfire_docker_image:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2020-12-14",
"matchCriteriaId": "86791E8D-6217-428F-B51A-CC12F8D1BDB5"
"matchCriteriaId": "2A39AEFF-7819-48E3-81B0-675DA354C648"
}
]
}

131
CVE-2022/CVE-2022-40xx/CVE-2022-4039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-22T15:15:09.847",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T16:15:18.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,18 +58,119 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "01B0F191-ADDB-4AAE-A5C5-5CC16909E64A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75BCB4-F0E1-4C05-A2D7-001503C805C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B02036DD-4489-480B-B7D4-4EB08952377B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E78C55-45B6-4E01-9773-D3468F8EA9C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "30E2CF79-2D56-48AB-952E-5DDAFE471073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "54E24055-813B-4E6D-94B7-FAD5F78B8537"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4039",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

118
CVE-2023/CVE-2023-12xx/CVE-2023-1260.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-1260",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:42.707",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T16:21:06.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en kube-apiserver. Este problema podr\u00eda permitir que un atacante remoto y autenticado al que se le hayan otorgado permisos \"update, patch\" el subrecurso \"pods/ephemeralcontainers\" m\u00e1s all\u00e1 de lo predeterminado. Luego tendr\u00edan que crear un nuevo pod o parchear uno al que ya tengan acceso. Esto podr\u00eda permitir la evasi\u00f3n de las restricciones de admisi\u00f3n de SCC, obteniendo as\u00ed el control de un m\u00f3dulo privilegiado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,30 +58,108 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kube-apiserver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58A67EBB-3567-46AD-9EF2-8DA8DBABBA03"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:3976",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4093",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4312",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4898",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1260",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-16xx/CVE-2023-1633.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-1633",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:43.760",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T17:46:42.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de fuga de credenciales en OpenStack Barbican. Esta falla permite que un atacante autenticado local lea el archivo de configuraci\u00f3n y obtenga acceso a credenciales sensibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,75 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*",
"matchCriteriaId": "596EFC6C-4D91-4EDF-9EC6-1C58EB485C5E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1633",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-16xx/CVE-2023-1636.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-1636",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:43.920",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T17:57:04.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los contenedores OpenStack Barbican. Esta vulnerabilidad solo se aplica a implementaciones que utilizan una configuraci\u00f3n todo en uno. Los contenedores Barbican comparten el mismo espacio de nombres CGROUP, USER y NET con el sistema host y otros servicios OpenStack. Si alg\u00fan servicio se ve comprometido, podr\u00eda obtener acceso a los datos transmitidos hacia y desde Barbican."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,75 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*",
"matchCriteriaId": "596EFC6C-4D91-4EDF-9EC6-1C58EB485C5E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1636",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-326xx/CVE-2023-32653.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32653",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.880",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:26:41.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites en la funcionalidad dcm_pixel_data_decode de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34319",
"sourceIdentifier": "security@xen.org",
"published": "2023-09-22T14:15:45.627",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T16:11:56.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "La soluci\u00f3n para XSA-423 agreg\u00f3 l\u00f3gica al controlador netback de Linux para lidiar con una interfaz que divide un paquete de tal manera que no todos los encabezados vengan en una sola pieza. Desafortunadamente, la l\u00f3gica introducida all\u00ed no tuvo en cuenta el caso extremo de que todo el paquete se divida en tantas partes como lo permita el protocolo, pero a\u00fan as\u00ed sea m\u00e1s peque\u00f1o que el \u00e1rea que se trata especialmente para mantener todos los (posibles) encabezados juntos. Por lo tanto, un paquete tan inusual provocar\u00eda un Desbordamiento del B\u00fafer en el controlador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"versionStartIncluding": "3.2.0",
"matchCriteriaId": "07AD4949-CFD3-4551-B63D-B307F8EB10FC"
}
]
}
]
}
],
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-350xx/CVE-2023-35002.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35002",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:14.013",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:31:56.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer basada en mont\u00f3n en la funcionalidad pictwread de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1760",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-35xx/CVE-2023-3547.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-3547",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.273",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:24:21.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks."
},
{
"lang": "es",
"value": "El complemento de WordPress All in One B2B para WooCommerce hasta la versi\u00f3n 1.0.3 no verifica correctamente los valores nonce en varias acciones, lo que permite a un atacante realizar ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:all_in_one_b2b_for_woocommerce_project:all_in_one_b2b_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "AE21098B-A473-42D0-971D-1EA84961A82B"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-35xx/CVE-2023-3550.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3550",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-25T16:15:14.347",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:37:10.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mediawiki v1.40.0 does not validate namespaces used in XML files.\n\nTherefore, if the instance administrator allows XML file uploads,\n\na remote attacker with a low-privileged user account can use this\n\nexploit to become an administrator by sending a malicious link to\n\nthe instance administrator.\n\n\n\n"
},
{
"lang": "es",
"value": "Mediawiki v1.40.0 no valida los espacios de nombres utilizados en archivos XML. Por lo tanto, si el administrador de la instancia permite la carga de archivos XML, un atacante remoto con una cuenta de usuario con pocos privilegios puede utilizar este exploit para convertirse en administrador enviando un enlace malicioso al administrador de la instancia.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
"matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/blondie/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.mediawiki.org/wiki/MediaWiki/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

56
CVE-2023/CVE-2023-36xx/CVE-2023-3664.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-3664",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.430",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:39:08.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server."
},
{
"lang": "es",
"value": "El complemento FileOrganizer WordPress hasta la versi\u00f3n 1.0.2 no restringe la funcionalidad en instancias multisitio, lo que permite a los administradores del sitio obtener control total sobre el servidor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fileorganizer:fileorganizer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.2",
"matchCriteriaId": "4226CD91-E971-40CD-A3A5-26765E692AE5"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-389xx/CVE-2023-38907.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38907",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T23:15:09.543",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T17:34:40.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,101 @@
"value": "Un problema en TPLink Smart bulb TPLink Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de la clave de sesi\u00f3n en la funci\u00f3n de mensaje."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72"
}
]
}
]
}
],
"references": [
{
"url": "https://arxiv.org/abs/2308.09019",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-394xx/CVE-2023-39453.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39453",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:14.093",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:30:18.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en la funcionalidad tif_parse_sub_IFD de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede entregar un archivo para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1830",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-42xx/CVE-2023-4258.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4258",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-09-25T22:15:11.137",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T17:19:08.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.0",
"matchCriteriaId": "EB1A6332-2B25-49AD-89C2-AD24B5BBAE82"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7",
"source": "vulnerabilities@zephyrproject.org"
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-431xx/CVE-2023-43141.json
View File

@ -2,23 +2,126 @@
"id": "CVE-2023-43141",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T16:15:14.587",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T16:55:26.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control."
},
{
"lang": "es",
"value": "TOTOLINK A3700R V9.1.2u.6134_B20201202 y N600R V5.3c.5137 son vulnerables a un control de acceso incorrecto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6134_b20201202:*:*:*:*:*:*:*",
"matchCriteriaId": "6F50C1F0-97C3-4A36-AF11-5833D01537F1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n600r_firmware:4.3.0cu.7647_b20210106:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9382F5-D212-4B6A-94A6-56F889C16E4D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n600r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "601C2FBE-B584-40B9-BBD7-7BF2A14CA694"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://totolink.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Blue-And-White/vul/blob/main/Iot/TOTOLINK/1/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-434xx/CVE-2023-43457.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43457",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T21:15:16.457",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T17:03:01.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "Un problema en Service Provider Management System v.1.0 permite a un atacante remoto obtener privilegios a trav\u00e9s del par\u00e1metro ID en el endpoint /php-spms/admin/?page=user/."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:service_provider_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C20DC3-D0C4-4D07-A2AA-8057A70FC448"
}
]
}
]
}
],
"references": [
{
"url": "https://samh4cks.github.io/posts/cve-2023-43457/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.sourcecodester.com/users/tips23",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

47
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-26T16:00:25.284962+00:00
2023-09-26T18:00:25.251929+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-26T15:58:02.723000+00:00
2023-09-26T17:57:04.753000+00:00
```
### Last Data Feed Release
@ -40,33 +40,24 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit
Recently modified CVEs: `71`
Recently modified CVEs: `16`
* [CVE-2023-43767](CVE-2023/CVE-2023-437xx/CVE-2023-43767.json) (`2023-09-26T14:51:32.377`)
* [CVE-2023-43766](CVE-2023/CVE-2023-437xx/CVE-2023-43766.json) (`2023-09-26T14:51:56.633`)
* [CVE-2023-43765](CVE-2023/CVE-2023-437xx/CVE-2023-43765.json) (`2023-09-26T14:52:04.797`)
* [CVE-2023-41868](CVE-2023/CVE-2023-418xx/CVE-2023-41868.json) (`2023-09-26T14:53:37.590`)
* [CVE-2023-5146](CVE-2023/CVE-2023-51xx/CVE-2023-5146.json) (`2023-09-26T14:54:53.567`)
* [CVE-2023-1625](CVE-2023/CVE-2023-16xx/CVE-2023-1625.json) (`2023-09-26T14:57:28.787`)
* [CVE-2023-38346](CVE-2023/CVE-2023-383xx/CVE-2023-38346.json) (`2023-09-26T14:58:24.360`)
* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-26T14:59:06.790`)
* [CVE-2023-40183](CVE-2023/CVE-2023-401xx/CVE-2023-40183.json) (`2023-09-26T14:59:41.697`)
* [CVE-2023-4631](CVE-2023/CVE-2023-46xx/CVE-2023-4631.json) (`2023-09-26T15:00:02.983`)
* [CVE-2023-41902](CVE-2023/CVE-2023-419xx/CVE-2023-41902.json) (`2023-09-26T15:00:18.523`)
* [CVE-2023-5156](CVE-2023/CVE-2023-51xx/CVE-2023-5156.json) (`2023-09-26T15:02:42.643`)
* [CVE-2023-43762](CVE-2023/CVE-2023-437xx/CVE-2023-43762.json) (`2023-09-26T15:06:14.940`)
* [CVE-2023-43763](CVE-2023/CVE-2023-437xx/CVE-2023-43763.json) (`2023-09-26T15:17:46.050`)
* [CVE-2023-43764](CVE-2023/CVE-2023-437xx/CVE-2023-43764.json) (`2023-09-26T15:40:45.620`)
* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2023-09-26T15:42:07.133`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-09-26T15:44:17.537`)
* [CVE-2023-43644](CVE-2023/CVE-2023-436xx/CVE-2023-43644.json) (`2023-09-26T15:45:28.193`)
* [CVE-2023-43642](CVE-2023/CVE-2023-436xx/CVE-2023-43642.json) (`2023-09-26T15:46:35.600`)
* [CVE-2023-43458](CVE-2023/CVE-2023-434xx/CVE-2023-43458.json) (`2023-09-26T15:47:14.577`)
* [CVE-2023-43784](CVE-2023/CVE-2023-437xx/CVE-2023-43784.json) (`2023-09-26T15:50:16.683`)
* [CVE-2023-5165](CVE-2023/CVE-2023-51xx/CVE-2023-5165.json) (`2023-09-26T15:50:49.217`)
* [CVE-2023-5166](CVE-2023/CVE-2023-51xx/CVE-2023-5166.json) (`2023-09-26T15:51:51.887`)
* [CVE-2023-42817](CVE-2023/CVE-2023-428xx/CVE-2023-42817.json) (`2023-09-26T15:57:45.363`)
* [CVE-2023-5158](CVE-2023/CVE-2023-51xx/CVE-2023-5158.json) (`2023-09-26T15:58:02.723`)
* [CVE-2020-35466](CVE-2020/CVE-2020-354xx/CVE-2020-35466.json) (`2023-09-26T17:46:20.060`)
* [CVE-2022-4039](CVE-2022/CVE-2022-40xx/CVE-2022-4039.json) (`2023-09-26T16:15:18.963`)
* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-26T16:11:56.963`)
* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-09-26T16:21:06.823`)
* [CVE-2023-3547](CVE-2023/CVE-2023-35xx/CVE-2023-3547.json) (`2023-09-26T16:24:21.143`)
* [CVE-2023-32653](CVE-2023/CVE-2023-326xx/CVE-2023-32653.json) (`2023-09-26T16:26:41.753`)
* [CVE-2023-39453](CVE-2023/CVE-2023-394xx/CVE-2023-39453.json) (`2023-09-26T16:30:18.753`)
* [CVE-2023-35002](CVE-2023/CVE-2023-350xx/CVE-2023-35002.json) (`2023-09-26T16:31:56.727`)
* [CVE-2023-3550](CVE-2023/CVE-2023-35xx/CVE-2023-3550.json) (`2023-09-26T16:37:10.613`)
* [CVE-2023-3664](CVE-2023/CVE-2023-36xx/CVE-2023-3664.json) (`2023-09-26T16:39:08.500`)
* [CVE-2023-43141](CVE-2023/CVE-2023-431xx/CVE-2023-43141.json) (`2023-09-26T16:55:26.053`)
* [CVE-2023-43457](CVE-2023/CVE-2023-434xx/CVE-2023-43457.json) (`2023-09-26T17:03:01.700`)
* [CVE-2023-4258](CVE-2023/CVE-2023-42xx/CVE-2023-4258.json) (`2023-09-26T17:19:08.510`)
* [CVE-2023-38907](CVE-2023/CVE-2023-389xx/CVE-2023-38907.json) (`2023-09-26T17:34:40.213`)
* [CVE-2023-1633](CVE-2023/CVE-2023-16xx/CVE-2023-1633.json) (`2023-09-26T17:46:42.743`)
* [CVE-2023-1636](CVE-2023/CVE-2023-16xx/CVE-2023-1636.json) (`2023-09-26T17:57:04.753`)
## Download and Usage