diff --git a/CVE-2020/CVE-2020-354xx/CVE-2020-35466.json b/CVE-2020/CVE-2020-354xx/CVE-2020-35466.json index beac8d4f039..cb145079c64 100644 --- a/CVE-2020/CVE-2020-354xx/CVE-2020-35466.json +++ b/CVE-2020/CVE-2020-354xx/CVE-2020-35466.json @@ -2,7 +2,7 @@ "id": "CVE-2020-35466", "sourceIdentifier": "cve@mitre.org", "published": "2020-12-15T23:15:13.263", - "lastModified": "2020-12-17T17:42:07.280", + "lastModified": "2023-09-26T17:46:20.060", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:blackfire:blackfire:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:blackfire:blackfire_docker_image:*:*:*:*:*:*:*:*", "versionEndIncluding": "2020-12-14", - "matchCriteriaId": "86791E8D-6217-428F-B51A-CC12F8D1BDB5" + "matchCriteriaId": "2A39AEFF-7819-48E3-81B0-675DA354C648" } ] } diff --git a/CVE-2022/CVE-2022-40xx/CVE-2022-4039.json b/CVE-2022/CVE-2022-40xx/CVE-2022-4039.json index 9b28ec3d3d7..49750d920b9 100644 --- a/CVE-2022/CVE-2022-40xx/CVE-2022-4039.json +++ b/CVE-2022/CVE-2022-40xx/CVE-2022-4039.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4039", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-22T15:15:09.847", - "lastModified": "2023-09-22T16:38:32.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-26T16:15:18.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
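Review bot: The `versionEndIncluding` value kept beside the renamed CPE in the CVE-2020-35466 hunk is the date string `2020-12-14`, not a release number, so a matcher that orders versions numerically may not compare it correctly against image tags. The new product name `blackfire_docker_image` and the new `matchCriteriaId` also mean that any inventory mapping or suppression rule keyed on the old `blackfire:blackfire` criteria stops matching after this sync. Consumers should re-resolve the CPE and decide explicitly how a date bound maps to the image builds they run.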
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -38,18 +58,119 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "01B0F191-ADDB-4AAE-A5C5-5CC16909E64A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "FD75BCB4-F0E1-4C05-A2D7-001503C805C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "B02036DD-4489-480B-B7D4-4EB08952377B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "C7E78C55-45B6-4E01-9773-D3468F8EA9C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "30E2CF79-2D56-48AB-952E-5DDAFE471073" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "54E24055-813B-4E6D-94B7-FAD5F78B8537" + } + ] + }, 
+ { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:1047", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2022-4039", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json index 90cb478568d..81aeb53b56f 100644 --- a/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-1260", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-24T01:15:42.707", - "lastModified": "2023-09-25T01:35:47.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-26T16:21:06.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en kube-apiserver. Este problema podr\u00eda permitir que un atacante remoto y autenticado al que se le hayan otorgado permisos \"update, patch\" el subrecurso \"pods/ephemeralcontainers\" m\u00e1s all\u00e1 de lo predeterminado. Luego tendr\u00edan que crear un nuevo pod o parchear uno al que ya tengan acceso. Esto podr\u00eda permitir la evasi\u00f3n de las restricciones de admisi\u00f3n de SCC, obteniendo as\u00ed el control de un m\u00f3dulo privilegiado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,30 +58,108 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:kube-apiserver:-:*:*:*:*:*:*:*", + "matchCriteriaId": "58A67EBB-3567-46AD-9EF2-8DA8DBABBA03" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*", + "matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:3976", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:4093", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:4312", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:4898", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://access.redhat.com/security/cve/CVE-2023-1260", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json index 26fe1b3a4c2..2b43e11c39a 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json @@ -2,16 +2,40 @@ "id": "CVE-2023-1633", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-24T01:15:43.760", - "lastModified": "2023-09-25T01:35:47.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-26T17:46:42.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla de fuga de credenciales en OpenStack Barbican. Esta falla permite que un atacante autenticado local lea el archivo de configuraci\u00f3n y obtenga acceso a credenciales sensibles." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,14 +58,75 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*", + "matchCriteriaId": "596EFC6C-4D91-4EDF-9EC6-1C58EB485C5E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-1633", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json index 9748e0d9539..c164db412b3 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json 
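Review bot: The added `cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*` entry in the CVE-2023-1633 configurations uses `-` (not applicable) as its version, which under CPE name matching does not match an inventory item recorded with a concrete version. The only versioned entries are the three `redhat:openstack_platform` CPEs, so a scanner that relies on this record alone will presumably report those platform releases and nothing for a Barbican install inventoried by its own version. The same pattern appears for `kubernetes:kube-apiserver:-` in CVE-2023-1260 and again for Barbican in CVE-2023-1636. Affected ranges for these records are better taken from the linked advisories than from the CPE data.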
@@ -2,16 +2,40 @@ "id": "CVE-2023-1636", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-24T01:15:43.920", - "lastModified": "2023-09-25T01:35:47.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-26T17:57:04.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en los contenedores OpenStack Barbican. Esta vulnerabilidad solo se aplica a implementaciones que utilizan una configuraci\u00f3n todo en uno. Los contenedores Barbican comparten el mismo espacio de nombres CGROUP, USER y NET con el sistema host y otros servicios OpenStack. Si alg\u00fan servicio se ve comprometido, podr\u00eda obtener acceso a los datos transmitidos hacia y desde Barbican." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,14 +58,75 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*", + "matchCriteriaId": "596EFC6C-4D91-4EDF-9EC6-1C58EB485C5E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-1636", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32653.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32653.json index 2840219e27f..bdfec3861d3 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32653.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32653.json 
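Review bot: The Red Hat URLs in the CVE-2023-1636 references are tagged `Third Party Advisory` although the same hunk lists `redhat:openstack_platform` CPEs as vulnerable, while the CVE-2022-4039 record on this page tags the same hosts `Vendor Advisory`. A triage filter that selects on `Vendor Advisory` will pick up one record and skip the others. CVE-2023-1260 and CVE-2023-1633 are tagged the same way. Filtering on the reference `source` or URL host is more stable than filtering on the tag.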
@@ -2,16 +2,40 @@ "id": "CVE-2023-32653", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-25T16:15:13.880", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:26:41.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites en la funcionalidad dcm_pixel_data_decode de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json index 7efc1099f46..7959ddce97d 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34319", "sourceIdentifier": "security@xen.org", "published": "2023-09-22T14:15:45.627", - "lastModified": "2023-09-22T16:38:32.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-26T16:11:56.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "La soluci\u00f3n para XSA-423 agreg\u00f3 l\u00f3gica al controlador netback de Linux para lidiar con una interfaz que divide un paquete de tal manera que no todos los encabezados vengan en una sola pieza. Desafortunadamente, la l\u00f3gica introducida all\u00ed no tuvo en cuenta el caso extremo de que todo el paquete se divida en tantas partes como lo permita el protocolo, pero a\u00fan as\u00ed sea m\u00e1s peque\u00f1o que el \u00e1rea que se trata especialmente para mantener todos los (posibles) encabezados juntos. Por lo tanto, un paquete tan inusual provocar\u00eda un Desbordamiento del B\u00fafer en el controlador." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*", + "versionStartIncluding": "3.2.0", + "matchCriteriaId": "07AD4949-CFD3-4551-B63D-B307F8EB10FC" + } + ] + } + ] + } + ], "references": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-438.html", - "source": "security@xen.org" + "source": "security@xen.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
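Review bot: The added `cpeMatch` entry for CVE-2023-34319 names `cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*` with `versionStartIncluding` 3.2.0 and no upper bound, while the description kept as context places the flaw in the Linux netback driver. As written, the record matches every x86 Xen release from 3.2.0 onward, including ones built after the fix, and it contains nothing that would match a Linux kernel package. Asset matching on this record should therefore be treated as unreliable in both directions; the affected and fixed kernel versions should be taken from the xenbits advisory referenced in the hunk. If the record is corrected upstream, one would expect a `linux:linux_kernel` entry with explicit version bounds (values not shown on this page).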
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35002.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35002.json index b2bf47428d7..9bd91d179d0 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35002.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35002.json @@ -2,16 +2,40 @@ "id": "CVE-2023-35002", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-25T16:15:14.013", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:31:56.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer basada en mont\u00f3n en la funcionalidad pictwread de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", 
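Review bot: The NVD primary vector added for CVE-2023-35002 sets `userInteraction` to `NONE` (base score 9.8) for a flaw the description says is triggered by a malformed file, while CVE-2023-32653 in the same product and version is scored `REQUIRED` (8.8). The difference appears to follow the description wording rather than a different delivery path, so ranking by `baseScore` alone will order the two ImageGear issues differently. CVE-2023-39453 is scored the same way as CVE-2023-35002. When prioritising, compare with the `Secondary` vector from `talos-cna@cisco.com` that sits in the same `cvssMetricV31` array.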
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1760", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3547.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3547.json index 03113a588ce..e9ccf7cbcae 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3547.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3547.json 
@@ -2,15 +2,42 @@ "id": "CVE-2023-3547", "sourceIdentifier": "contact@wpscan.com", "published": "2023-09-25T16:15:14.273", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:24:21.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks." + }, + { + "lang": "es", + "value": "El complemento de WordPress All in One B2B para WooCommerce hasta la versi\u00f3n 1.0.3 no verifica correctamente los valores nonce en varias acciones, lo que permite a un atacante realizar ataques CSRF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +50,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:all_in_one_b2b_for_woocommerce_project:all_in_one_b2b_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.3", + "matchCriteriaId": "AE21098B-A473-42D0-971D-1EA84961A82B" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3550.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3550.json index d0e9cbfb529..f7efc69afd4 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3550.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3550.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3550", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-25T16:15:14.347", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:37:10.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Mediawiki v1.40.0 does not validate namespaces used in XML files.\n\nTherefore, if the instance administrator allows XML file uploads,\n\na remote attacker with a low-privileged user account can use this\n\nexploit to become an administrator by sending a malicious link to\n\nthe instance administrator.\n\n\n\n" + }, + { + "lang": "es", + "value": "Mediawiki v1.40.0 no valida los espacios de nombres utilizados en archivos XML. Por lo tanto, si el administrador de la instancia permite la carga de archivos XML, un atacante remoto con una cuenta de usuario con pocos privilegios puede utilizar este exploit para convertirse en administrador enviando un enlace malicioso al administrador de la instancia.\n" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + }, { "source": "help@fluidattacks.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "help@fluidattacks.com", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*", + "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/blondie/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.mediawiki.org/wiki/MediaWiki/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3664.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3664.json index c467918f28b..281cc7ec3a9 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3664.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3664.json 
@@ -2,15 +2,42 @@ "id": "CVE-2023-3664", "sourceIdentifier": "contact@wpscan.com", "published": "2023-09-25T16:15:14.430", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:39:08.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server." + }, + { + "lang": "es", + "value": "El complemento FileOrganizer WordPress hasta la versi\u00f3n 1.0.2 no restringe la funcionalidad en instancias multisitio, lo que permite a los administradores del sitio obtener control total sobre el servidor." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fileorganizer:fileorganizer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.2", + "matchCriteriaId": "4226CD91-E971-40CD-A3A5-26765E692AE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38907.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38907.json index 708a6bb0eef..72b52d0525c 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38907.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38907.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38907", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-25T23:15:09.543", - "lastModified": "2023-09-26T12:45:48.413", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T17:34:40.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,101 @@ "value": "Un problema en TPLink Smart bulb TPLink Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de la clave de sesi\u00f3n en la funci\u00f3n de mensaje." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", + "matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72" + } + ] + } + ] + } + ], "references": [ { "url": "https://arxiv.org/abs/2308.09019", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] }, { "url": 
"https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json index 98af7e12ee8..0482154d12d 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json @@ -2,16 +2,40 @@ "id": "CVE-2023-39453", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-09-25T16:15:14.093", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:30:18.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en la funcionalidad tif_parse_sub_IFD de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede entregar un archivo para desencadenar esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1830", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4258.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4258.json index b0202d576a7..0a628b9ef23 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4258.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4258.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4258", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2023-09-25T22:15:11.137", - "lastModified": "2023-09-26T12:45:48.413", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T17:19:08.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.4.0", + "matchCriteriaId": "EB1A6332-2B25-49AD-89C2-AD24B5BBAE82" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43141.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43141.json index f5530d82512..f248e75e89f 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43141.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43141.json 
@@ -2,23 +2,126 @@ "id": "CVE-2023-43141", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-25T16:15:14.587", - "lastModified": "2023-09-25T16:16:30.717", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T16:55:26.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control." + }, + { + "lang": "es", + "value": "TOTOLINK A3700R V9.1.2u.6134_B20201202 y N600R V5.3c.5137 son vulnerables a un control de acceso incorrecto." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6134_b20201202:*:*:*:*:*:*:*", + "matchCriteriaId": "6F50C1F0-97C3-4A36-AF11-5833D01537F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:totolink:n600r_firmware:4.3.0cu.7647_b20210106:*:*:*:*:*:*:*", + "matchCriteriaId": "EB9382F5-D212-4B6A-94A6-56F889C16E4D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:n600r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "601C2FBE-B584-40B9-BBD7-7BF2A14CA694" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://totolink.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Blue-And-White/vul/blob/main/Iot/TOTOLINK/1/readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43457.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43457.json index fbad20b16b3..dad000e3c87 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43457.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43457.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43457", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-25T21:15:16.457", - "lastModified": "2023-09-26T12:45:48.413", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-26T17:03:01.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
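Review bot: In the CVE-2023-43141 record, the second configuration's vulnerable entry `"criteria": "cpe:2.3:o:totolink:n600r_firmware:4.3.0cu.7647_b20210106:*:*:*:*:*:*:*"` does not match the description in the same hunk, which names N600R `V5.3c.5137`. Anything that matches inventory on CPE alone will flag N600R firmware 4.3.0cu.7647_b20210106 and not V5.3c.5137; which side is wrong cannot be told from the hunk. The GitHub reference that might settle it is tagged `Broken Link`, so the version should be reconciled against the upstream NVD record rather than edited in this mirror, and until then consumers would do well to treat both N600R versions as in scope. The A3700R entry does agree with the description.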
@@ -14,19 +14,82 @@ "value": "Un problema en Service Provider Management System v.1.0 permite a un atacante remoto obtener privilegios a trav\u00e9s del par\u00e1metro ID en el endpoint /php-spms/admin/?page=user/." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:service_provider_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F7C20DC3-D0C4-4D07-A2AA-8057A70FC448" + } + ] + } + ] + } + ], "references": [ { "url": "https://samh4cks.github.io/posts/cve-2023-43457/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.sourcecodester.com/users/tips23", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 81390c804bb..38fe70b313d 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-26T16:00:25.284962+00:00 +2023-09-26T18:00:25.251929+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-26T15:58:02.723000+00:00 +2023-09-26T17:57:04.753000+00:00 ``` ### Last Data Feed Release 
@@ -40,33 +40,24 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `71` +Recently modified CVEs: `16` -* [CVE-2023-43767](CVE-2023/CVE-2023-437xx/CVE-2023-43767.json) (`2023-09-26T14:51:32.377`) -* [CVE-2023-43766](CVE-2023/CVE-2023-437xx/CVE-2023-43766.json) (`2023-09-26T14:51:56.633`) -* [CVE-2023-43765](CVE-2023/CVE-2023-437xx/CVE-2023-43765.json) (`2023-09-26T14:52:04.797`) -* [CVE-2023-41868](CVE-2023/CVE-2023-418xx/CVE-2023-41868.json) (`2023-09-26T14:53:37.590`) -* [CVE-2023-5146](CVE-2023/CVE-2023-51xx/CVE-2023-5146.json) (`2023-09-26T14:54:53.567`) -* [CVE-2023-1625](CVE-2023/CVE-2023-16xx/CVE-2023-1625.json) (`2023-09-26T14:57:28.787`) -* [CVE-2023-38346](CVE-2023/CVE-2023-383xx/CVE-2023-38346.json) (`2023-09-26T14:58:24.360`) -* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-26T14:59:06.790`) -* [CVE-2023-40183](CVE-2023/CVE-2023-401xx/CVE-2023-40183.json) (`2023-09-26T14:59:41.697`) -* [CVE-2023-4631](CVE-2023/CVE-2023-46xx/CVE-2023-4631.json) (`2023-09-26T15:00:02.983`) -* [CVE-2023-41902](CVE-2023/CVE-2023-419xx/CVE-2023-41902.json) (`2023-09-26T15:00:18.523`) -* [CVE-2023-5156](CVE-2023/CVE-2023-51xx/CVE-2023-5156.json) (`2023-09-26T15:02:42.643`) -* [CVE-2023-43762](CVE-2023/CVE-2023-437xx/CVE-2023-43762.json) (`2023-09-26T15:06:14.940`) -* [CVE-2023-43763](CVE-2023/CVE-2023-437xx/CVE-2023-43763.json) (`2023-09-26T15:17:46.050`) -* [CVE-2023-43764](CVE-2023/CVE-2023-437xx/CVE-2023-43764.json) (`2023-09-26T15:40:45.620`) -* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2023-09-26T15:42:07.133`) -* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-09-26T15:44:17.537`) -* [CVE-2023-43644](CVE-2023/CVE-2023-436xx/CVE-2023-43644.json) (`2023-09-26T15:45:28.193`) -* [CVE-2023-43642](CVE-2023/CVE-2023-436xx/CVE-2023-43642.json) (`2023-09-26T15:46:35.600`) -* [CVE-2023-43458](CVE-2023/CVE-2023-434xx/CVE-2023-43458.json) (`2023-09-26T15:47:14.577`) -* 
[CVE-2023-43784](CVE-2023/CVE-2023-437xx/CVE-2023-43784.json) (`2023-09-26T15:50:16.683`) -* [CVE-2023-5165](CVE-2023/CVE-2023-51xx/CVE-2023-5165.json) (`2023-09-26T15:50:49.217`) -* [CVE-2023-5166](CVE-2023/CVE-2023-51xx/CVE-2023-5166.json) (`2023-09-26T15:51:51.887`) -* [CVE-2023-42817](CVE-2023/CVE-2023-428xx/CVE-2023-42817.json) (`2023-09-26T15:57:45.363`) -* [CVE-2023-5158](CVE-2023/CVE-2023-51xx/CVE-2023-5158.json) (`2023-09-26T15:58:02.723`) +* [CVE-2020-35466](CVE-2020/CVE-2020-354xx/CVE-2020-35466.json) (`2023-09-26T17:46:20.060`) +* [CVE-2022-4039](CVE-2022/CVE-2022-40xx/CVE-2022-4039.json) (`2023-09-26T16:15:18.963`) +* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-26T16:11:56.963`) +* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-09-26T16:21:06.823`) +* [CVE-2023-3547](CVE-2023/CVE-2023-35xx/CVE-2023-3547.json) (`2023-09-26T16:24:21.143`) +* [CVE-2023-32653](CVE-2023/CVE-2023-326xx/CVE-2023-32653.json) (`2023-09-26T16:26:41.753`) +* [CVE-2023-39453](CVE-2023/CVE-2023-394xx/CVE-2023-39453.json) (`2023-09-26T16:30:18.753`) +* [CVE-2023-35002](CVE-2023/CVE-2023-350xx/CVE-2023-35002.json) (`2023-09-26T16:31:56.727`) +* [CVE-2023-3550](CVE-2023/CVE-2023-35xx/CVE-2023-3550.json) (`2023-09-26T16:37:10.613`) +* [CVE-2023-3664](CVE-2023/CVE-2023-36xx/CVE-2023-3664.json) (`2023-09-26T16:39:08.500`) +* [CVE-2023-43141](CVE-2023/CVE-2023-431xx/CVE-2023-43141.json) (`2023-09-26T16:55:26.053`) +* [CVE-2023-43457](CVE-2023/CVE-2023-434xx/CVE-2023-43457.json) (`2023-09-26T17:03:01.700`) +* [CVE-2023-4258](CVE-2023/CVE-2023-42xx/CVE-2023-4258.json) (`2023-09-26T17:19:08.510`) +* [CVE-2023-38907](CVE-2023/CVE-2023-389xx/CVE-2023-38907.json) (`2023-09-26T17:34:40.213`) +* [CVE-2023-1633](CVE-2023/CVE-2023-16xx/CVE-2023-1633.json) (`2023-09-26T17:46:42.743`) +* [CVE-2023-1636](CVE-2023/CVE-2023-16xx/CVE-2023-1636.json) (`2023-09-26T17:57:04.753`) ## Download and Usage