Auto-Update: 2023-09-22T20:00:24.443414+00:00

cad-safe-bot 2023-09-22 20:00:28 +00:00
parent b4269d9beb
commit 0b232c3dba
39 changed files with 8266 additions and 192 deletions


@ -2,8 +2,8 @@
"id": "CVE-2017-1000376",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-06-19T16:29:00.577",
"lastModified": "2020-01-15T20:15:14.603",
"vulnStatus": "Modified",
"lastModified": "2023-09-22T18:25:54.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -125,6 +125,42 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2",
"matchCriteriaId": "3F474529-750F-4D6B-B2F5-3722B26C27EC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "80B456D2-0880-4A30-94A0-DA40634642FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F1E1EF-B5D0-4984-A628-AB3A56DD67A5"
}
]
}
]
}
],
"references": [
@ -144,7 +180,10 @@
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",


@ -2,12 +2,12 @@
"id": "CVE-2022-29470",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:12.190",
"lastModified": "2023-08-17T14:41:39.780",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-22T18:15:09.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access."
"value": "Improper access control in the Intel\u00ae DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n"
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2022-3596",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T20:15:11.217",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T18:47:37.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una fuga de informaci\u00f3n en la nube inferior de OpenStack. Esta falla permite a atacantes remotos no autenticados inspeccionar datos sensibles despu\u00e9s de descubrir la direcci\u00f3n IP de la nube, lo que posiblemente comprometa la informaci\u00f3n privada, incluidas las credenciales de acceso del administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:els:*:*:*",
"matchCriteriaId": "DAB5A865-2253-4A36-853C-764C4060A6BD"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:8897",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3596",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2022-3916",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T15:15:11.583",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:34:15.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el alcance offline_access en Keycloak. Este problema afectar\u00eda m\u00e1s a los usuarios de ordenadores compartidos (especialmente si las cookies no se borran), debido a la falta de validaci\u00f3n de la sesi\u00f3n root y a la reutilizaci\u00f3n de los identificadores de sesi\u00f3n en las sesiones de autenticaci\u00f3n de usuario y root. Esto permite a un atacante resolver una sesi\u00f3n de usuario adjunta a un usuario previamente autenticado; al utilizar el token de actualizaci\u00f3n, se les emitir\u00e1 un token para el usuario original."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,54 +58,225 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.0.2",
"matchCriteriaId": "53DA67A0-2E85-499E-B8E1-2B12C433BC29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEC61BC-E699-456E-99B6-C049F2A5F23F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B02036DD-4489-480B-B7D4-4EB08952377B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E78C55-45B6-4E01-9773-D3468F8EA9C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "30E2CF79-2D56-48AB-952E-5DDAFE471073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "54E24055-813B-4E6D-94B7-FAD5F78B8537"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CC262C4C-7B6A-4117-A50F-1FF69296DDD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E58526FB-522F-4AAC-B03C-9CAB443D0CFF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:8961",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8962",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8963",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8964",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8965",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1043",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1044",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1045",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1049",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3916",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2022-45448",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T13:15:11.180",
"lastModified": "2023-09-20T14:13:22.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T19:33:28.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter."
},
{
"lang": "es",
"value": "El complemento M4 PDF para sitios Prestashop, en su versi\u00f3n 3.2.3 y anteriores, es vulnerable a la creaci\u00f3n de Documentos HTML arbitraria. El recurso /m4pdf/pdf.php utiliza plantillas para crear documentos din\u00e1micamente. En el caso de que la plantilla no exista, la aplicaci\u00f3n devolver\u00e1 un documento fijo con un mensaje en formato mpdf. Un atacante podr\u00eda aprovechar esta vulnerabilidad ingresando un documento HTML/CSS v\u00e1lido como valor del par\u00e1metro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:m4_pdf:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "3.2.3",
"matchCriteriaId": "6AE55D08-63EE-42F3-8149-D8D50E478B65"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -2,16 +2,40 @@
"id": "CVE-2023-2508",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-20T16:15:12.373",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:32:46.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The `PaperCutNG Mobility Print` version 1.0.3512 application allows an\n\nunauthenticated attacker to perform a CSRF attack on an instance\n\nadministrator to configure the clients host (in the \"configure printer\n\ndiscovery\" section). This is possible because the application has no\n\nprotections against CSRF attacks, like Anti-CSRF tokens, header origin\n\nvalidation, samesite cookies, etc.\n\n\n\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n `PaperCutNG Mobility Print` versi\u00f3n 1.0.3512 permite que un atacante no autenticado realice un ataque CSRF en un administrador de instancia para configurar el anfitri\u00f3n del cliente (en la secci\u00f3n \"configurar descubrimiento de impresora\"). Esto es posible porque la aplicaci\u00f3n no tiene protecciones contra ataques CSRF, como tokens Anti-CSRF, validaci\u00f3n del origen del encabezado, cookies del mismo sitio, etc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:papercut:mobility_print_server:1.0.3512:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3748D7-5718-4CF3-BB0D-B76499F4DDEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/solveig/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Release Notes"
]
}
]
}
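Review bot: The added `configurations` entry ANDs `mobility_print_server:1.0.3512` with `cpe:2.3:o:apple:macos` as the only platform, while the description names no operating system. Asset matching that evaluates the full AND node will flag only macOS hosts, so a server on another platform would go unreported if the CSRF flaw is not platform-specific. Confirm the platform scope against the advisory and release notes in `references` before relying on the platform condition.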


@ -2,12 +2,16 @@
"id": "CVE-2023-3341",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:11.770",
"lastModified": "2023-09-20T15:15:11.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:51:05.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1."
},
{
"lang": "es",
"value": "El c\u00f3digo que procesa los mensajes del canal de control enviados a \"named\" llama a ciertas funciones de forma recursiva durante el an\u00e1lisis de paquetes. La profundidad de la recursividad s\u00f3lo est\u00e1 limitada por el tama\u00f1o m\u00e1ximo de paquete aceptado; Dependiendo del entorno, esto puede provocar que el c\u00f3digo de an\u00e1lisis de paquetes se quede sin memoria disponible, lo que provocar\u00e1 que \"named\" finalice inesperadamente. Dado que cada mensaje entrante del canal de control se analiza completamente antes de autenticar su contenido, explotar esta falla no requiere que el atacante tenga una clave RNDC v\u00e1lida; s\u00f3lo es necesario el acceso de red al puerto TCP configurado del canal de control. Este problema afecta a las versiones de BIND 9, 9.2.0 a 9.16.43, 9.18.0 a 9.18.18, 9.19.0 a 9.19.16, 9.9.3-S1 a 9.16.43-S1 y 9.18.0-S1 a 9.18. .18-S1."
}
],
"metrics": {
@ -34,14 +38,221 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "9.16.44",
"matchCriteriaId": "322EA0C2-84E3-4D3E-A9DE-F02A933D6B2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.18.0",
"versionEndExcluding": "9.18.19",
"matchCriteriaId": "0A49C866-6171-4FF1-876F-9B31BF10296C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.19.0",
"versionEndExcluding": "9.19.17",
"matchCriteriaId": "AF9DB43A-47CA-496E-8EF9-2F0C34A6E8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "40EE014B-0CD8-45F3-BEDB-AE6368A78B04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "DAF8FA8C-0526-4389-AEC6-92AD62AA3929"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "1A9BA952-A5DF-4CBA-8928-0B373C013C32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "CAD41122-C5D8-4256-8CB7-FF88DCD96A13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "6243685F-1E5B-4FF6-AE1B-44798032FBA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "C2FE13E1-0646-46FC-875B-CB4C34E20101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.3:s4:*:*:supported_preview:*:*:*",
"matchCriteriaId": "39995ADF-74CC-4035-ADB2-010F676FCEC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.4:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "37F4F055-5DE3-45FC-82DE-E17679E7B939"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*",
"matchCriteriaId": "1AA16E51-819C-4A1B-B66E-1C60C1782C0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*",
"matchCriteriaId": "91533F9F-C0E5-4E84-8A4C-F744F956BF97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*",
"matchCriteriaId": "46E6A4BD-D69B-4A70-821D-5612DD1315EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "8AF9D390-0D5B-4963-A2D3-BF1E7CD95E9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "AB2B92F1-6BA8-41CA-9000-E0633462CC28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "02CA4635-7DFC-408E-A837-856E0F96CA1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "3CABCB08-B838-45F7-AA87-77C6B8767DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "582A4948-B64F-45D4-807A-846A85BB6B42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "F22E7F6A-0714-480D-ACDF-5027FD6697B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "255AEB06-F071-4433-93E5-9436086C1A6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "EF14D712-5FCF-492F-BE3E-745109E9D6E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "1B20F152-D0C3-4F07-83B3-5EA6B116F005"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "53593603-E2AF-4925-A6E6-109F097A0FF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "F70347F2-6750-4497-B8F4-2036F4F4443A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "A4B53B73-DB81-4AC1-A4E6-89BB305D6514"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.0:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "22F7108A-73F1-4950-B2C8-AB56C1D4DAC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "0233AEF2-9911-48AE-AE97-F217E3337AAF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://kb.isc.org/docs/cve-2023-3341",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
]
}
]
}
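Review bot: The new NVD weakness is `CWE-787`, but the description describes unbounded recursion during control-channel parsing that exhausts the stack and terminates `named`, which reads as a denial of service rather than an out-of-bounds write (CWE-674, Uncontrolled Recursion, looks closer). Triage rules keyed on CWE would file this under memory corruption, so take the impact from the description and the CVSS block instead. The added Spanish description also ends the version list with `9.18. .18-S1` and drops "stack" from "stack memory"; use the English text for version ranges. The metrics hunk is only partly visible here.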


@ -2,16 +2,40 @@
"id": "CVE-2023-34575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T22:15:12.393",
"lastModified": "2023-09-20T22:23:00.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:02:44.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PrestaShop opartsavecart hasta 2.0.7 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante los m\u00e9todos OpartSaveCartDefaultModuleFrontController::initContent() y OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:op\\'art_save_cart_project:op\\'art_save_cart:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "2.0.7",
"matchCriteriaId": "8A4F34F7-61E6-4E14-9A4D-6F00C9A95AC9"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/19/opartsavecart.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
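Review bot: The new `criteria` string carries a backslash-quoted apostrophe (`op\\'art_save_cart` in the JSON, `op\'art_save_cart` once decoded), while the description calls the module `opartsavecart`. Matching that compares product names as plain strings, or that splits the CPE without honouring CPE 2.3 quoting, will miss this entry. Decode the JSON first and use a CPE-aware comparison for inventory lookups.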


@ -2,12 +2,12 @@
"id": "CVE-2023-3567",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:12.990",
"lastModified": "2023-08-02T00:59:52.037",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-22T18:15:10.517",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information."
"value": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information."
}
],
"metrics": {


@ -0,0 +1,28 @@
{
"id": "CVE-2023-38346",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T19:15:09.593",
"lastModified": "2023-09-22T19:15:09.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."
}
],
"metrics": {},
"references": [
{
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346",
"source": "cve@mitre.org"
},
{
"url": "https://support2.windriver.com/index.php?page=security-notices",
"source": "cve@mitre.org"
},
{
"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/",
"source": "cve@mitre.org"
}
]
}
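Review bot: This new record is in `Received` state with `"metrics": {}` and no `weaknesses` or `configurations` keys, so filters that rely on a base score or on CPE matches will skip it. The description already names Wind River VxWorks 6.9 and 7 and a directory traversal in `tarExtract`. Pipelines should treat a missing score as "not yet scored" rather than as low severity, and fall back to the description and the vendor references for affected-product matching.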


@ -2,16 +2,40 @@
"id": "CVE-2023-38718",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-09-20T20:15:11.467",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:14:47.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606."
},
{
"lang": "es",
"value": "IBM Robotic Process Automation 21.0.0 a 21.0.7.8 podr\u00eda revelar informaci\u00f3n sensible procedente del acceso a scripts de RPA, flujos de trabajo y datos relacionados. ID de IBM X-Force: 261606."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.0.0",
"versionEndIncluding": "21.0.7.8",
"matchCriteriaId": "4C200335-A4F3-4EB0-AC27-37D0B826E4FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndIncluding": "23.0.8",
"matchCriteriaId": "3BB972E1-8FD8-46D6-8B2A-39968B980140"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:cloud_pak:*:*",
"versionStartIncluding": "21.0.0",
"versionEndIncluding": "21.0.7.8",
"matchCriteriaId": "8FA1BB25-0D07-4870-B141-8AA1AB449A99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:cloud_pak:*:*",
"versionStartIncluding": "23.0.0",
"versionEndIncluding": "23.0.8",
"matchCriteriaId": "830C86A8-49B4-4351-8B96-E3DA0031C209"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261606",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7031619",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-38876",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T21:15:11.557",
"lastModified": "2023-09-20T22:22:25.743",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:25:49.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en PHP-Login-System 2.0.1 de msaad1999 permite a atacantes remotos ejecutar JavaScript de su elecci\u00f3n en el navegador web de un usuario, al incluir un payoad malicioso en el par\u00e1metro 'selector' en '/reset -contrase\u00f1a'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:msaad1999:php-login-system:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "106C074B-1807-4B4F-A339-B0FBA8F0A8E5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38876",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3892",
"sourceIdentifier": "security@mimsoftware.com",
"published": "2023-09-19T15:15:52.053",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T19:23:28.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.9
},
{
"source": "security@mimsoftware.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "security@mimsoftware.com",
"type": "Secondary",
@ -50,10 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mimsoftware:assistant:7.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7803AC47-77B6-4CBC-A0E1-75D87C2A1434"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mimsoftware:assistant:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0B1F4E-21A6-4CB7-8056-1C914BC20A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mimsoftware:client:7.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "015A88C0-0068-4EC9-A95B-C8CC0D3A492C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mimsoftware:client:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF1CF84-6250-45AF-84E8-88EBDF7FCD86"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mimsoftware.com/cve-2023-3892",
"source": "security@mimsoftware.com"
"source": "security@mimsoftware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-39675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T22:15:13.243",
"lastModified": "2023-09-20T22:22:58.847",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T18:43:26.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SimpleImportProduct Prestashop Module v6.2.9 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro clave en send.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "FCA03BE8-18A5-47BE-A165-D7C8C4E4DF9F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.sorcery.ie/posts/simpleimportproduct_sqli/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sorcery.ie",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,27 +2,98 @@
"id": "CVE-2023-39677",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T21:15:11.627",
"lastModified": "2023-09-20T22:23:02.613",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T18:48:49.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MyPrestaModules Prestashop Module v6.2.9 y UpdateProducts Prestashop Module v3.6.9 contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n PHPInfo a trav\u00e9s de send.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "FCA03BE8-18A5-47BE-A165-D7C8C4E4DF9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:updateproducts_project:updateproducts:3.6.9:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "EC38CCBF-1928-436B-857A-6BB501449B5C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.sorcery.ie/posts/myprestamodules_phpinfo/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://myprestamodules.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://sorcery.ie",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40043",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-20T17:15:11.240",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:32:28.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface\u00a0that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A\u00a0MOVEit system administrator\n\n could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.\n\n"
},
{
"lang": "es",
"value": "En las versiones de MOVEit Transfer lanzadas antes de 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), se ha identificado una vulnerabilidad de inyecci\u00f3n SQL en la interfaz web de MOVEit Transfer que podr\u00eda permitir que una cuenta de administrador del sistema MOVEit obtenga acceso no autorizado a la base de datos de MOVEit Transfer. Un administrador del sistema MOVEit podr\u00eda enviar un payload manipulado a la interfaz web de MOVEit Transfer, lo que podr\u00eda dar como resultado la modificaci\u00f3n y divulgaci\u00f3n del contenido de la base de datos de MOVEit."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021.1.8",
"matchCriteriaId": "F6E9F262-3E55-48FF-94A0-09C0C80FE7C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.0.0",
"versionEndExcluding": "2022.0.8",
"matchCriteriaId": "B1FFF5B1-D887-48EA-BFD1-FBD9F699DEA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.0",
"versionEndExcluding": "2022.1.9",
"matchCriteriaId": "64138C94-BAB8-45D2-93A1-31FC4D4F1E41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.0.6",
"matchCriteriaId": "C35AF1A0-05E8-4F69-9F99-91925C490EE9"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40368",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-09-20T19:15:11.530",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:11:36.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456."
},
{
"lang": "es",
"value": "IBM Storage Protect 8.1.0.0 a 8.1.19.0 podr\u00eda permitir que un usuario privilegiado obtenga informaci\u00f3n sensible del cliente de l\u00ednea de comando administrativo. ID de IBM X-Force: 263456."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_protect:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0.0",
"versionEndIncluding": "8.1.19.0",
"matchCriteriaId": "EB1DC85A-F9B0-4AEA-9DBF-A14F543EA6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263456",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7034288",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41325",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:10.800",
"lastModified": "2023-09-17T12:01:22.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T19:07:17.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee\u2019s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable \u2018e\u2019 is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available."
},
{
"lang": "es",
"value": "OP-TEE es un Entorno de Ejecuci\u00f3n Confiable (TEE) dise\u00f1ado como complemento de un kernel de Linux no seguro que se ejecuta en Arm; N\u00facleos Cortex-A que utilizan la tecnolog\u00eda TrustZone. A partir de la versi\u00f3n 3.20 y anteriores a la versi\u00f3n 3.22, `shdr_verify_signature` puede hacer un doble libremente. `shdr_verify_signature` se usa para verificar un binario TA antes de cargarlo. Para verificar una firma del mismo, asigne una memoria para la clave RSA. La funci\u00f3n de asignaci\u00f3n de clave RSA (`sw_crypto_acipher_alloc_rsa_public_key`) intentar\u00e1 asignar una memoria (que es la memoria del mont\u00f3n del candidato). La clave RSA consta de exponente y m\u00f3dulo (representados como variables `e`, `n`) y su asignaci\u00f3n no es de forma at\u00f3mica, por lo que puede tener \u00e9xito en `e` pero fallar en `n`. En este caso, sw_crypto_acipher_alloc_rsa_public_key` se liberar\u00e1 en `e` y regresar\u00e1 cuando fall\u00f3, pero la variable \u201ce\u201d permanece como direcci\u00f3n de memoria ya liberada. `shdr_verify_signature` liberar\u00e1 nuevamente esa memoria (que es `e`), incluso si se libera cuando no se pudo asignar la clave RSA. Hay un parche disponible en la versi\u00f3n 3.22. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.20.0",
"versionEndExcluding": "3.22.0",
"matchCriteriaId": "F01EDA96-EF6E-4A65-8831-4B42ED235B96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linaro:op-tee:3.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D516A715-0899-4350-9992-FF21D31AD67B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41834",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-19T13:16:22.333",
"lastModified": "2023-09-19T21:15:25.203",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T19:24:02.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,44 @@
"value": "La Neutralizaci\u00f3n Inadecuada de Secuencias CRLF en encabezados HTTP en Apache Flink Stateful Functions 3.1.0, 3.1.1 y 3.2.0 permite a atacantes remotos inyectar encabezados HTTP arbitrarios y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de solicitudes HTTP manipuladas. Los atacantes podr\u00edan potencialmente inyectar contenido malicioso en la respuesta HTTP que se env\u00eda al navegador del usuario. Los usuarios deben actualizar a Apache Flink Stateful Functions versi\u00f3n 3.3.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -31,14 +64,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:flink_stateful_functions:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndIncluding": "3.2.0",
"matchCriteriaId": "E7397C1F-270A-4542-BA1A-C2BA98C20BA8"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/19/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41910",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T07:15:14.927",
"lastModified": "2023-09-08T16:49:04.380",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-22T19:15:10.370",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -78,6 +78,10 @@
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00025.html",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-42321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T21:15:11.847",
"lastModified": "2023-09-20T22:22:54.067",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:22:09.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en icmsdev iCMSv.7.0.16 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los archivos user.admincp.php, member.admincp.php y group.admincp.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icmsdev:icms:7.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "50266299-9036-45A3-8E4B-2A323B247877"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ChubbyZ/cb4b8fd818846dec3e9d70863e7955bc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.icmsdev.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42444",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T15:15:56.660",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T19:22:42.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -58,18 +88,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*",
"versionEndExcluding": "0.2.5\\+8.11.3",
"matchCriteriaId": "43C3C6E2-A892-4A2B-BABF-1792410DA003"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "0.3.0\\+8.12.9",
"versionEndExcluding": "0.3.3\\+8.13.9",
"matchCriteriaId": "2472D45E-43EB-480B-B550-66DC11713F8F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42447",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T15:15:57.270",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:51:51.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -58,10 +88,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:whisperfish:blurhash-rs:0.1.1:*:*:*:*:rust:*:*",
"matchCriteriaId": "7A6E6410-410C-448A-A86E-102F9BCD9290"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T15:15:11.817",
"lastModified": "2023-09-21T05:15:13.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:33:38.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,106 @@
"value": "Se encontr\u00f3 una vulnerabilidad de Confusi\u00f3n de Tipos en las funciones Spotlight RPC en afpd en Netatalk 3.1.x anterior a 3.1.17. Al analizar paquetes RPC de Spotlight, una estructura de datos codificada es un diccionario de estilo clave-valor donde las claves son cadenas de caracteres y los valores pueden ser cualquiera de los tipos admitidos en el protocolo subyacente. Debido a la falta de verificaci\u00f3n de tipos en las personas que llaman a la funci\u00f3n dalloc_value_for_key(), que devuelve el objeto asociado con una clave, un actor malicioso puede controlar completamente el valor del puntero y, en teor\u00eda, lograr la Ejecuci\u00f3n Remota de C\u00f3digo en el anfitri\u00f3n. Este problema es similar a CVE-2023-34967."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1",
"versionEndExcluding": "3.1.17",
"matchCriteriaId": "D77B6D18-12B6-4124-B5A9-D202B7521EB7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/486",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://netatalk.sourceforge.io/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://netatalk.sourceforge.io/2.0/htmldocs/afpd.8.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5503",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42656",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-20T17:15:11.410",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:32:05.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting\u00a0(XSS) vulnerability has been identified in MOVEit Transfer's web interface.\u00a0 An attacker could craft a malicious payload targeting\u00a0MOVEit Transfer users during the package composition procedure.\u00a0 If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser."
},
{
"lang": "es",
"value": "Versiones de MOVEit Transfer en progreso lanzadas antes de 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), cross-site scripting reflejado ( XSS) se ha identificado una vulnerabilidad en la interfaz web de MOVEit Transfer. Un atacante podr\u00eda crear un payload malicioso dirigido a los usuarios de MOVEit Transfer durante el procedimiento de composici\u00f3n del paquete. Si un usuario de MOVEit interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021.1.8",
"matchCriteriaId": "F6E9F262-3E55-48FF-94A0-09C0C80FE7C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.0.0",
"versionEndExcluding": "2022.0.8",
"matchCriteriaId": "B1FFF5B1-D887-48EA-BFD1-FBD9F699DEA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.0",
"versionEndExcluding": "2022.1.9",
"matchCriteriaId": "64138C94-BAB8-45D2-93A1-31FC4D4F1E41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.0.6",
"matchCriteriaId": "C35AF1A0-05E8-4F69-9F99-91925C490EE9"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42660",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-20T17:15:11.550",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:31:51.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface\u00a0that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.\n\n"
},
{
"lang": "es",
"value": "En las versiones de MOVEit Transfer lanzadas antes de 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), se ha identificado una vulnerabilidad de inyecci\u00f3n SQL en la interfaz de la m\u00e1quina MOVEit Transfer que podr\u00eda permitir que un atacante autenticado obtenga acceso no autorizado a la base de datos de MOVEit Transfer. Un atacante podr\u00eda enviar un payload manipulado a la interfaz de la m\u00e1quina MOVEit Transfer, lo que podr\u00eda provocar la modificaci\u00f3n y divulgaci\u00f3n del contenido de la base de datos de MOVEit.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021.1.8",
"matchCriteriaId": "F6E9F262-3E55-48FF-94A0-09C0C80FE7C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.0.0",
"versionEndExcluding": "2022.0.8",
"matchCriteriaId": "B1FFF5B1-D887-48EA-BFD1-FBD9F699DEA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.0",
"versionEndExcluding": "2022.1.9",
"matchCriteriaId": "64138C94-BAB8-45D2-93A1-31FC4D4F1E41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndExcluding": "2023.0.6",
"matchCriteriaId": "C35AF1A0-05E8-4F69-9F99-91925C490EE9"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-4236",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:12.313",
"lastModified": "2023-09-20T15:15:12.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:35:33.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1."
},
{
"lang": "es",
"value": "Una falla en el c\u00f3digo de red que maneja consultas DNS sobre TLS puede causar que \"named\" finalice inesperadamente debido a una falla de aserci\u00f3n. Esto sucede cuando las estructuras de datos internas se reutilizan incorrectamente bajo una carga significativa de consultas DNS sobre TLS. Este problema afecta a las versiones 9.18.0 a 9.18.18 y 9.18.11-S1 a 9.18.18-S1 de BIND 9."
}
],
"metrics": {
@ -34,14 +38,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.18.0",
"versionEndExcluding": "9.18.18",
"matchCriteriaId": "AFC733A3-5CAC-41B1-8CB3-12526E42E981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "16A7E0D1-35A1-4899-9FF2-14279C137C14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "0233AEF2-9911-48AE-AE97-F217E3337AAF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://kb.isc.org/docs/cve-2023-4236",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
]
}
]
}
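Review bot: The new `cpeMatch` range for `cpe:2.3:a:isc:bind` uses `"versionEndExcluding": "9.18.18"`, but the description in the same record says the issue affects 9.18.0 through 9.18.18, so a CPE-based scanner would treat 9.18.18 as unaffected. If "through" is inclusive as worded, the entry should read `"versionEndIncluding": "9.18.18"`. The preview-edition entries list only 9.18.11-S1 and 9.18.18-S1 as single versions while the description gives a range between them, so intermediate -S1 releases may also go unmatched. This file mirrors NVD, so the correction belongs upstream; until then, version matching is safer taken from the vendor advisory linked in `references`.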

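--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43270.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-43270",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-09-22T19:15:11.130",
+"lastModified": "2023-09-22T19:15:11.130",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Libestor/someCVE/tree/main/dst-admin-RCE",
+"source": "cve@mitre.org"
+}
+]
+}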


@ -2,16 +2,40 @@
"id": "CVE-2023-43477",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-09-20T13:15:12.047",
"lastModified": "2023-09-20T14:13:22.137",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:37:02.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.\u00a0"
},
{
"lang": "es",
"value": "El par\u00e1metro ping_from de ping_tracerte.cgi en la interfaz de usuario web de Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware &lt; 0.18.15r, no se sanitiz\u00f3 adecuadamente antes de usarse en una llamada al sistema, lo que podr\u00eda permitir que un atacante autenticado lograra el comando. inyecci\u00f3n como root en el dispositivo.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -46,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.18.15r",
"matchCriteriaId": "35A4EC70-8D90-4C41-AD63-0C531644C396"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18BB9AA9-95B5-4EF5-B398-7B2E80991966"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-19",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
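Review bot: The added Spanish description carries an HTML entity, `versiones de firmware &lt; 0.18.15r`, where the English text has a literal `<`; the same occurs in the CVE-2023-43478 record. JSON strings need no HTML escaping, so a consumer that escapes on output will show `&lt;` literally, and one that decodes entities before rendering puts raw markup characters back into the page. The value should carry the plain character, `versiones de firmware < 0.18.15r`, with escaping left to whatever renders it. The same sentence is also broken mid-phrase (`lograra el comando. inyección como root`), which suggests the translation step is unreviewed, so the `en` description is probably the one to rely on.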


@ -2,16 +2,40 @@
"id": "CVE-2023-43478",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-09-20T14:15:15.127",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T18:36:45.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u00a0"
},
{
"lang": "es",
"value": "fake_upload.cgi en Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware &lt; 0.18.15r, permite a atacantes no autenticados cargar im\u00e1genes de firmware y copias de seguridad de configuraci\u00f3n, lo que podr\u00eda permitirles alterar el firmware o la configuraci\u00f3n en el dispositivo, lo que en \u00faltima instancia lleva a para ejecutar el c\u00f3digo como root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -34,10 +58,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.18.15r",
"matchCriteriaId": "35A4EC70-8D90-4C41-AD63-0C531644C396"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18BB9AA9-95B5-4EF5-B398-7B2E80991966"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-19",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-43499",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.980",
"lastModified": "2023-09-20T18:15:12.807",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T18:37:32.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes."
},
{
"lang": "es",
"value": "El complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores no escapan a los nombres de las causas de fallas en los registros de compilaci\u00f3n, lo que genera una vulnerabilidad de Store Cross-Site Scripting (XSS) que pueden explotar los atacantes capaces de crear o actualizar causas de fallas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:*",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "818E5C9C-3303-48EA-A405-952B194F6CFC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-43500",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:12.037",
"lastModified": "2023-09-20T18:15:12.860",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T18:38:58.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores permite a los atacantes conectarse a un hostname y puerto especificados por el atacante utilizando un nombre de usuario y contrase\u00f1a especificados por el atacante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:*",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "818E5C9C-3303-48EA-A405-952B194F6CFC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-43501",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:12.090",
"lastModified": "2023-09-20T18:15:12.923",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:04:23.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n de permiso faltante en el complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores permite a los atacantes con permiso general/lectura conectarse a un hostname y puerto especificados por el atacante utilizando el nombre de usuario y la contrase\u00f1a especificados por el atacante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:*",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "818E5C9C-3303-48EA-A405-952B194F6CFC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-43502",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:12.147",
"lastModified": "2023-09-20T18:15:13.017",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T19:05:59.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jenkins Build Failure Analyzer 2.4.1 y versiones anteriores permite a los atacantes eliminar Causas de Falla."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:*",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "818E5C9C-3303-48EA-A405-952B194F6CFC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

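--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43640.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-43640",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-22T18:15:12.243",
+"lastModified": "2023-09-22T18:15:12.243",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c",
+"source": "security-advisories@github.com"
+}
+]
+}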


@ -2,7 +2,7 @@
"id": "CVE-2023-4863",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T15:15:24.327",
"lastModified": "2023-09-22T15:15:14.060",
"lastModified": "2023-09-22T18:15:12.993",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",
@ -217,6 +217,18 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/5",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/6",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/7",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/8",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
"source": "chrome-cve-admin@google.com",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-22T18:00:24.462698+00:00
2023-09-22T20:00:24.443414+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-22T17:57:34.747000+00:00
2023-09-22T19:33:28.297000+00:00
```
### Last Data Feed Release
@ -29,51 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226057
226060
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `3`
* [CVE-2023-42798](CVE-2023/CVE-2023-427xx/CVE-2023-42798.json) (`2023-09-22T16:15:09.753`)
* [CVE-2023-41027](CVE-2023/CVE-2023-410xx/CVE-2023-41027.json) (`2023-09-22T17:15:09.880`)
* [CVE-2023-41029](CVE-2023/CVE-2023-410xx/CVE-2023-41029.json) (`2023-09-22T17:15:10.957`)
* [CVE-2023-41031](CVE-2023/CVE-2023-410xx/CVE-2023-41031.json) (`2023-09-22T17:15:14.027`)
* [CVE-2023-42811](CVE-2023/CVE-2023-428xx/CVE-2023-42811.json) (`2023-09-22T16:15:10.583`)
* [CVE-2023-42812](CVE-2023/CVE-2023-428xx/CVE-2023-42812.json) (`2023-09-22T17:15:14.733`)
* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-22T17:15:14.990`)
* [CVE-2023-43640](CVE-2023/CVE-2023-436xx/CVE-2023-43640.json) (`2023-09-22T18:15:12.243`)
* [CVE-2023-38346](CVE-2023/CVE-2023-383xx/CVE-2023-38346.json) (`2023-09-22T19:15:09.593`)
* [CVE-2023-43270](CVE-2023/CVE-2023-432xx/CVE-2023-43270.json) (`2023-09-22T19:15:11.130`)
### CVEs modified in the last Commit
Recently modified CVEs: `43`
Recently modified CVEs: `35`
* [CVE-2023-38351](CVE-2023/CVE-2023-383xx/CVE-2023-38351.json) (`2023-09-22T16:36:21.897`)
* [CVE-2023-38352](CVE-2023/CVE-2023-383xx/CVE-2023-38352.json) (`2023-09-22T16:36:54.860`)
* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-5002](CVE-2023/CVE-2023-50xx/CVE-2023-5002.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-23766](CVE-2023/CVE-2023-237xx/CVE-2023-23766.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-43144](CVE-2023/CVE-2023-431xx/CVE-2023-43144.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-38353](CVE-2023/CVE-2023-383xx/CVE-2023-38353.json) (`2023-09-22T16:39:17.900`)
* [CVE-2023-38354](CVE-2023/CVE-2023-383xx/CVE-2023-38354.json) (`2023-09-22T16:44:46.093`)
* [CVE-2023-38355](CVE-2023/CVE-2023-383xx/CVE-2023-38355.json) (`2023-09-22T16:45:26.050`)
* [CVE-2023-38356](CVE-2023/CVE-2023-383xx/CVE-2023-38356.json) (`2023-09-22T16:45:59.370`)
* [CVE-2023-0829](CVE-2023/CVE-2023-08xx/CVE-2023-0829.json) (`2023-09-22T16:56:52.413`)
* [CVE-2023-42450](CVE-2023/CVE-2023-424xx/CVE-2023-42450.json) (`2023-09-22T17:08:09.950`)
* [CVE-2023-42451](CVE-2023/CVE-2023-424xx/CVE-2023-42451.json) (`2023-09-22T17:10:42.063`)
* [CVE-2023-42452](CVE-2023/CVE-2023-424xx/CVE-2023-42452.json) (`2023-09-22T17:12:47.737`)
* [CVE-2023-25527](CVE-2023/CVE-2023-255xx/CVE-2023-25527.json) (`2023-09-22T17:14:44.967`)
* [CVE-2023-41030](CVE-2023/CVE-2023-410xx/CVE-2023-41030.json) (`2023-09-22T17:15:11.243`)
* [CVE-2023-25528](CVE-2023/CVE-2023-255xx/CVE-2023-25528.json) (`2023-09-22T17:15:55.080`)
* [CVE-2023-25529](CVE-2023/CVE-2023-255xx/CVE-2023-25529.json) (`2023-09-22T17:17:26.360`)
* [CVE-2023-25530](CVE-2023/CVE-2023-255xx/CVE-2023-25530.json) (`2023-09-22T17:18:51.793`)
* [CVE-2023-25531](CVE-2023/CVE-2023-255xx/CVE-2023-25531.json) (`2023-09-22T17:19:55.950`)
* [CVE-2023-25532](CVE-2023/CVE-2023-255xx/CVE-2023-25532.json) (`2023-09-22T17:21:00.470`)
* [CVE-2023-25534](CVE-2023/CVE-2023-255xx/CVE-2023-25534.json) (`2023-09-22T17:25:04.093`)
* [CVE-2023-25533](CVE-2023/CVE-2023-255xx/CVE-2023-25533.json) (`2023-09-22T17:47:22.070`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-22T17:52:46.230`)
* [CVE-2023-5074](CVE-2023/CVE-2023-50xx/CVE-2023-5074.json) (`2023-09-22T17:57:34.747`)
* [CVE-2023-40043](CVE-2023/CVE-2023-400xx/CVE-2023-40043.json) (`2023-09-22T18:32:28.627`)
* [CVE-2023-2508](CVE-2023/CVE-2023-25xx/CVE-2023-2508.json) (`2023-09-22T18:32:46.273`)
* [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2023-09-22T18:33:38.487`)
* [CVE-2023-4236](CVE-2023/CVE-2023-42xx/CVE-2023-4236.json) (`2023-09-22T18:35:33.337`)
* [CVE-2023-43478](CVE-2023/CVE-2023-434xx/CVE-2023-43478.json) (`2023-09-22T18:36:45.253`)
* [CVE-2023-43477](CVE-2023/CVE-2023-434xx/CVE-2023-43477.json) (`2023-09-22T18:37:02.227`)
* [CVE-2023-43499](CVE-2023/CVE-2023-434xx/CVE-2023-43499.json) (`2023-09-22T18:37:32.613`)
* [CVE-2023-43500](CVE-2023/CVE-2023-435xx/CVE-2023-43500.json) (`2023-09-22T18:38:58.530`)
* [CVE-2023-39675](CVE-2023/CVE-2023-396xx/CVE-2023-39675.json) (`2023-09-22T18:43:26.797`)
* [CVE-2023-39677](CVE-2023/CVE-2023-396xx/CVE-2023-39677.json) (`2023-09-22T18:48:49.313`)
* [CVE-2023-3341](CVE-2023/CVE-2023-33xx/CVE-2023-3341.json) (`2023-09-22T18:51:05.490`)
* [CVE-2023-42447](CVE-2023/CVE-2023-424xx/CVE-2023-42447.json) (`2023-09-22T18:51:51.093`)
* [CVE-2023-34575](CVE-2023/CVE-2023-345xx/CVE-2023-34575.json) (`2023-09-22T19:02:44.837`)
* [CVE-2023-43501](CVE-2023/CVE-2023-435xx/CVE-2023-43501.json) (`2023-09-22T19:04:23.370`)
* [CVE-2023-43502](CVE-2023/CVE-2023-435xx/CVE-2023-43502.json) (`2023-09-22T19:05:59.897`)
* [CVE-2023-41325](CVE-2023/CVE-2023-413xx/CVE-2023-41325.json) (`2023-09-22T19:07:17.333`)
* [CVE-2023-40368](CVE-2023/CVE-2023-403xx/CVE-2023-40368.json) (`2023-09-22T19:11:36.147`)
* [CVE-2023-38718](CVE-2023/CVE-2023-387xx/CVE-2023-38718.json) (`2023-09-22T19:14:47.537`)
* [CVE-2023-41910](CVE-2023/CVE-2023-419xx/CVE-2023-41910.json) (`2023-09-22T19:15:10.370`)
* [CVE-2023-20594](CVE-2023/CVE-2023-205xx/CVE-2023-20594.json) (`2023-09-22T19:16:57.037`)
* [CVE-2023-42321](CVE-2023/CVE-2023-423xx/CVE-2023-42321.json) (`2023-09-22T19:22:09.960`)
* [CVE-2023-42444](CVE-2023/CVE-2023-424xx/CVE-2023-42444.json) (`2023-09-22T19:22:42.097`)
* [CVE-2023-3892](CVE-2023/CVE-2023-38xx/CVE-2023-3892.json) (`2023-09-22T19:23:28.753`)
* [CVE-2023-41834](CVE-2023/CVE-2023-418xx/CVE-2023-41834.json) (`2023-09-22T19:24:02.097`)
* [CVE-2023-38876](CVE-2023/CVE-2023-388xx/CVE-2023-38876.json) (`2023-09-22T19:25:49.123`)
## Download and Usage