Auto-Update: 2023-09-29T16:00:25.697551+00:00

cad-safe-bot 2023-09-29 16:00:29 +00:00
parent 303b7ade28
commit 1241fa2106
62 changed files with 2398 additions and 282 deletions

@ -2,7 +2,7 @@
"id": "CVE-2021-1233",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T21:15:11.943",
"lastModified": "2021-01-27T20:50:18.843",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -172,7 +172,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -180,13 +179,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}
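Review bot: The `cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*` entry (matchCriteriaId `EA831FC0-AE58-4F6C-9455-8578BBA87A2D`) disappears from this `cpeMatch` list and `cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*` (`46F278A6-82F5-4217-932E-98A918D9A017`) takes its place, with nothing in the record linking the two names. An inventory or scanner rule still keyed on the old product name will stop matching this CVE without any error. Matching code should resolve names through the CPE dictionary's deprecation data (`deprecatedBy`) before comparing; whether the old name was formally deprecated is not visible here. The same replacement recurs in the sections for CVE-2021-1241, -1260, -1261, -1262, -1263, -1273, -1274, -1278, -1279, -1298, -1299, -1300, -1301, -1302, -1304 and CVE-2022-20716 on this page.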

@ -2,7 +2,7 @@
"id": "CVE-2021-1241",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T21:15:12.100",
"lastModified": "2021-01-27T20:26:37.133",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -216,7 +216,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -224,13 +223,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1260",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:14.643",
"lastModified": "2021-01-29T14:33:32.230",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -206,7 +206,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -214,13 +213,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1261",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:14.800",
"lastModified": "2021-01-29T14:47:36.217",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -206,7 +206,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -214,13 +213,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1262",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:14.970",
"lastModified": "2021-01-29T13:54:31.010",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -176,7 +176,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -184,13 +183,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1263",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:15.127",
"lastModified": "2021-01-29T13:51:59.600",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -206,7 +206,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -214,13 +213,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1273",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:15.923",
"lastModified": "2021-01-27T20:53:37.600",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -216,7 +216,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -224,13 +223,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1274",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:15.970",
"lastModified": "2022-08-05T18:29:29.510",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -226,7 +226,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -234,13 +233,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1278",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.173",
"lastModified": "2022-08-05T18:29:18.493",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -226,7 +226,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -234,13 +233,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1279",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.253",
"lastModified": "2022-08-05T18:29:07.830",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -226,7 +226,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -234,13 +233,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1298",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.643",
"lastModified": "2021-01-27T20:55:16.303",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -206,7 +206,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -214,13 +213,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1299",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.720",
"lastModified": "2021-01-27T20:55:33.930",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -206,7 +206,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -214,13 +213,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1300",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.800",
"lastModified": "2021-01-27T20:55:52.960",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -196,7 +196,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -204,13 +203,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1301",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.877",
"lastModified": "2022-08-05T18:28:42.327",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -196,7 +196,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -204,13 +203,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1302",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.970",
"lastModified": "2021-01-29T14:50:48.410",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,8 +116,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2021-1304",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:17.127",
"lastModified": "2021-01-29T15:22:53.340",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,8 +116,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2021-43618",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-11-15T04:15:06.873",
"lastModified": "2022-12-08T22:15:02.090",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T15:15:10.040",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -77,7 +77,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -94,7 +93,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -110,7 +108,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -310,6 +307,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-13",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221111-0001/",
"source": "cve@mitre.org",

@ -2,7 +2,7 @@
"id": "CVE-2022-0543",
"sourceIdentifier": "security@debian.org",
"published": "2022-02-18T20:15:17.583",
"lastModified": "2022-06-05T02:35:48.770",
"lastModified": "2023-09-29T15:55:24.533",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2022-03-28",
"cisaActionDue": "2022-04-18",
@ -74,13 +74,14 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -92,27 +93,33 @@
"matchCriteriaId": "5EBE5E1C-C881-4A76-9E36-4FB7C48427E6"
}
]
}
]
},
{
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"vulnerable": false,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
{
"vulnerable": true,
"vulnerable": false,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"vulnerable": false,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
@ -127,7 +134,8 @@
"source": "security@debian.org",
"tags": [
"Exploit",
"Third Party Advisory"
"Third Party Advisory",
"VDB Entry"
]
},
{
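Review bot: The Debian and Ubuntu entries in the second hunk flip from `"vulnerable": true` to `"vulnerable": false` while the configuration gains `"operator": "AND"`, so they now act as platform conditions and no longer as affected products. A consumer that flattens `cpeMatch` and keeps only `vulnerable: true` entries is left with the entry carrying matchCriteriaId `5EBE5E1C-C881-4A76-9E36-4FB7C48427E6` (its `criteria` line is outside the hunk) and loses the distribution scoping, which matters for a record that carries `cisaExploitAdd`. Matching logic should evaluate the configuration as the AND of its nodes instead of reading the `vulnerable` flag per entry. The old/new split of the lines in this hunk is inferred from the hunk-header counts.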

@ -2,7 +2,7 @@
"id": "CVE-2022-20716",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.063",
"lastModified": "2023-06-27T19:00:51.187",
"lastModified": "2023-09-29T15:03:41.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -114,6 +114,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_solution:-:*:*:*:*:*:*:*",
@ -134,11 +139,6 @@
"criteria": "cpe:2.3:a:cisco:sd-wan_vedge_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E751F057-CC4E-49AF-BFFE-1C08A0AFEDBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA831FC0-AE58-4F6C-9455-8578BBA87A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_vsmart_controller_software:-:*:*:*:*:*:*:*",

@ -2,16 +2,40 @@
"id": "CVE-2023-25483",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:47.587",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T15:11:01.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <=\u00a02.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en Ankit Agarwal, complemento Priyanshu Mittal Easy Coming Soon en versiones &lt;= 2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycomingsoon:easy_coming_soon:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3",
"matchCriteriaId": "DD250DCB-B481-4902-8637-762A8C364E5C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-coming-soon/wordpress-easy-coming-soon-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
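Review bot: The added `es` description carries a typo and an HTML entity: it reads `Coss-Site Scripting` and `versiones &lt;= 2.3`, whereas the `en` value uses a literal `<=`. A consumer that HTML-escapes the string on output will display `&lt;=` to the reader, and text search for the `<= 2.3` range will miss the Spanish entry. The value should read `Cross-Site Scripting` and `versiones <= 2.3`; since the record is mirrored, the correction likely belongs upstream.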

@ -2,7 +2,7 @@
"id": "CVE-2023-27320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-28T18:15:10.547",
"lastModified": "2023-04-13T17:15:14.277",
"lastModified": "2023-09-29T14:15:09.913",
"vulnStatus": "Modified",
"descriptions": [
{
@ -133,6 +133,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-12",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230413-0009/",
"source": "cve@mitre.org"

@ -2,7 +2,7 @@
"id": "CVE-2023-28486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-16T01:15:47.003",
"lastModified": "2023-04-20T09:15:10.427",
"lastModified": "2023-09-29T14:15:10.033",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"Release Notes"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-12",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/",
"source": "cve@mitre.org"

@ -2,7 +2,7 @@
"id": "CVE-2023-28487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-16T01:15:47.067",
"lastModified": "2023-04-20T09:15:10.490",
"lastModified": "2023-09-29T14:15:10.113",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"Release Notes"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-12",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/",
"source": "cve@mitre.org"

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39308",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.183",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <=\u00a01.0.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-userfeedback-lite-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

@ -2,16 +2,40 @@
"id": "CVE-2023-39347",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:18:55.747",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T15:54:47.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys."
},
{
"lang": "es",
"value": "Cilium es una soluci\u00f3n de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Un atacante con la capacidad de actualizar las etiquetas de los pods puede hacer que Cilium aplique pol\u00edticas de red incorrectas. Este problema surge debido al hecho de que en la actualizaci\u00f3n del pod, Cilium utiliza incorrectamente etiquetas de pod proporcionadas por el usuario para seleccionar las pol\u00edticas que se aplican a la carga de trabajo en cuesti\u00f3n. Esto puede afectar las pol\u00edticas de red de Cilium que usan el espacio de nombres, la cuenta de servicio o las construcciones de cl\u00faster para restringir el tr\u00e1fico, las pol\u00edticas de red de todo el cl\u00faster de Cilium que usan etiquetas de espacio de nombres de Cilium para seleccionar las pol\u00edticas de red de Pod y Kubernetes. Se pueden proporcionar nombres de construcciones inexistentes, que omiten todas las pol\u00edticas de red aplicables a la construcci\u00f3n. Por ejemplo, proporcionar un pod con un espacio de nombres inexistente como valor de la etiqueta `io.kubernetes.pod.namespace` da como resultado que ninguna de las CiliumNetworkPolicies con espacios de nombres se aplique al pod en cuesti\u00f3n. Este ataque requiere que el atacante tenga acceso al servidor API de Kubernetes, como se describe en el modelo de amenazas de Cilium. Este problema se resolvi\u00f3 en: Cilium versiones 1.14.2, 1.13.7 y 1.12.14. Se recomienda a los usuarios que actualicen. Como workaround, se puede utilizar un webhook de admisi\u00f3n para evitar actualizaciones de etiquetas de pod en las claves `k8s:io.kubernetes.pod.namespace` y `io.cilium.k8s.policy.*`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12.14",
"matchCriteriaId": "35ABDE15-4D2F-4F82-BA90-6529DBA75C4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.7",
"matchCriteriaId": "FAD54EC5-459F-43CF-8C36-BB84717CD640"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.14.0",
"versionEndExcluding": "1.14.2",
"matchCriteriaId": "F8854A94-3A9D-4BCD-AC5C-2D8AEF70AA40"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Technical Description",
"Vendor Advisory"
]
},
{
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-gj2r-phwg-6rww",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
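Review bot: The `Exploit` tag added to the `https://docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker` reference looks misapplied, since that URL is the threat-model documentation the description cites and not exploit material. Triage rules that raise priority when any reference is tagged `Exploit` would fire on this record for that link alone. Suggest `"tags": ["Technical Description"]` for that reference, leaving `Vendor Advisory` on the GHSA link; the page content was not checked here, so confirm before changing.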

@ -2,16 +2,40 @@
"id": "CVE-2023-4003",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-27T15:19:39.847",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T15:59:09.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nOne Identity Password Manager version 5.9.7.1 -\u00a0An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. \n\n"
},
{
"lang": "es",
"value": "One Identity Password Manager versi\u00f3n 5.9.7.1: un atacante no autenticado con acceso f\u00edsico a una estaci\u00f3n de trabajo puede actualizar los privilegios a SISTEMA mediante un m\u00e9todo no especificado. CWE-250: Ejecuci\u00f3n con privilegios innecesarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -46,10 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oneidentity:password_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9.7.1",
"versionEndExcluding": "5.11.2",
"matchCriteriaId": "9C911BCD-03AB-4B17-AAED-7DCE8D1ACA0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oneidentity:password_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.0",
"versionEndExcluding": "5.12.2",
"matchCriteriaId": "292DBD21-4989-4DE2-BA8C-94AE00F7722B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41655",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.273",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <=\u00a02.5.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/authldap/wordpress-authldap-plugin-2-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
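Review bot: The description gives the affected range as `<= 2.5.9`, but the only reference URL names `wordpress-authldap-plugin-2-5-8-cross-site-scripting-xss-vulnerability`, so the two disagree on the last affected version. The record has no `configurations` block yet, so the free-text range is all a consumer can match on. The range should be confirmed against the Patchstack advisory before it is used to decide whether a 2.5.9 install is affected.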

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41657",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.350",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <=\u00a02.3.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/holler-box/wordpress-hollerbox-plugin-2-3-2-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41658",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.423",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <=\u00a01.0.13 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-responsive-photo-gallery/wordpress-photo-gallery-slideshow-masonry-tiled-gallery-plugin-1-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41661",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.500",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=\u00a03.1.35 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41662",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.573",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <=\u00a04.4.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-dtree-30/wordpress-wp-dtree-plugin-4-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41663",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.650",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <=\u00a01.6.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-bannerize-pro/wordpress-wp-bannerize-pro-plugin-1-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41666",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.723",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <=\u00a02.9.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stock-quotes-list/wordpress-stock-quotes-list-plugin-2-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41687",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.797",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <=\u00a02.4.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/goods-catalog/wordpress-goods-catalog-plugin-2-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41691",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.870",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <=\u00a06.3.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-pensopay/wordpress-woocommerce-pensopay-plugin-6-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42461",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:32.637",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T14:36:16.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. El campo de entrada de actores ITIL del formulario Ticket se puede utilizar para realizar una inyecci\u00f3n SQL. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,44 @@
"value": "CWE-89"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "AC43FDD9-D833-4957-830E-F6557428DB4E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42462",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:32.717",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T14:05:08.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. El proceso de carga de documentos se puede desviar para eliminar algunos archivos. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "AC43FDD9-D833-4957-830E-F6557428DB4E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42657",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:19:32.983",
"lastModified": "2023-09-27T16:21:29.793",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T14:34:24.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.\u00a0 An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.\u00a0 Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.\n"
},
{
"lang": "es",
"value": "En las versiones del servidor WS_FTP anteriores a 8.7.4 y 8.8.2, se descubri\u00f3 una vulnerabilidad de directory traversal. Un atacante podr\u00eda aprovechar esta vulnerabilidad para realizar operaciones de archivos (delete, rename, rmdir, mkdir) en archivos y carpetas fuera de su ruta de carpeta WS_FTP autorizada. Los atacantes tambi\u00e9n podr\u00edan escapar del contexto de la estructura de archivos del servidor WS_FTP y realizar el mismo nivel de operaciones (delete, rename, rmdir, mkdir) en ubicaciones de archivos y carpetas en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.7.4",
"matchCriteriaId": "443CCFDE-4A61-40F1-96C1-B36BF9240773"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.8.0",
"versionEndExcluding": "8.8.2",
"matchCriteriaId": "DC67BDC1-AAF5-41B9-8087-4E636A0D597C"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42819",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:33.143",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T14:42:30.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file. `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd` a similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "JumpServer es un host bastionado de c\u00f3digo abierto. Los usuarios que hayan iniciado sesi\u00f3n pueden acceder y modificar el contenido de cualquier archivo del sistema. Un usuario puede utilizar el men\u00fa 'Job-Template' y crear un playbook llamado 'test'. Obtenga la identificaci\u00f3n del playbook en la p\u00e1gina de detalles, como 'e0adabef-c38f-492d-bd92-832bacc3df5f'. Un atacante puede aprovechar la falla de directory traversal utilizando la URL proporcionada para acceder y recuperar el contenido del archivo. `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../ ../etc/passwd` tambi\u00e9n est\u00e1 presente un m\u00e9todo similar para modificar el contenido del archivo. Este problema se solucion\u00f3 en la versi\u00f3n 3.6.5. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.6.5",
"matchCriteriaId": "3102E381-1725-4710-BA7F-F41189347AFE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/commit/d0321a74f1713d031560341c8fd0a1859e6510d8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-ghg2-2whp-6m33",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42820",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:33.227",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T15:04:32.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue."
},
{
"lang": "es",
"value": "JumpServer es un host bastionado de c\u00f3digo abierto. Esta vulnerabilidad se debe a la exposici\u00f3n de la seed de n\u00famero aleatorio a la API, lo que potencialmente permite que se reproduzcan los c\u00f3digos de verificaci\u00f3n generados aleatoriamente, lo que podr\u00eda provocar restablecimientos de contrase\u00f1a. Si MFA est\u00e1 habilitado, los usuarios no se ven afectados. Los usuarios que no utilizan la autenticaci\u00f3n local tampoco se ven afectados. Se recomienda a los usuarios que actualicen a la versi\u00f3n 2.28.19 o 3.6.5. No se conocen soluciones para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.24.0",
"versionEndExcluding": "2.28.19",
"matchCriteriaId": "B7BF12DA-F3E0-44F2-99DB-E983B84FE42C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.6.5",
"matchCriteriaId": "3102E381-1725-4710-BA7F-F41189347AFE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/commit/42337f0d00b2a8d45ef063eb5b7deeef81597da5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7prv-g565-82qp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-43381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:34.050",
"lastModified": "2023-09-27T15:41:20.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T15:29:07.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php"
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Tianchoy Blog v.1.8.8 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s del par\u00e1metro id en login.php"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tianchoy:blog:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D82D6C2D-0FA8-418F-98B0-1A649AC19B1C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Chiaki2333/59ef607c3eb3a7b4db1537705d05e4d1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/Chiaki2333/vulnerability/blob/main/tianchoy-blog-sql-login.php.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-43740",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.110",
"lastModified": "2023-09-29T04:19:01.990",
"lastModified": "2023-09-29T15:15:10.227",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]"
"value": "Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of\nadmin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting\nthe application.\n"
},
{
"lang": "es",
"value": "Online Book Store Project v1.0 es vulnerable a una vulnerabilidad de carga de archivos insegura en el par\u00e1metro 'imagen' de la p\u00e1gina admin_edit.php, lo que permite a un atacante autenticado obtener la ejecuci\u00f3n remota de c\u00f3digo en el servidor que aloja la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,23 +2,98 @@
"id": "CVE-2023-43869",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T13:15:09.850",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T14:06:04.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function."
},
{
"lang": "es",
"value": "D-Link DIR-619L B1 2.02 es vulnerable al desbordamiento del b\u00fafer a trav\u00e9s de la funci\u00f3n formSetWAN_Wizard56."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-619l_firmware:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C992E2C9-56E9-4A4D-927D-5DF9DE67B51B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F28B093-482C-4105-A89D-8B1F1FFD59E9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43909",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-29T13:15:10.193",
"lastModified": "2023-09-29T13:15:10.193",
"vulnStatus": "Received",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43944",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-29T13:15:10.247",
"lastModified": "2023-09-29T13:15:10.247",
"vulnStatus": "Received",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-4523",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-27T19:15:12.373",
"lastModified": "2023-09-28T12:44:18.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T15:39:05.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nReal Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm.\n\n"
},
{
"lang": "es",
"value": "Los productos Real Time Automation Serie 460 con versiones anteriores a la v8.9.8 son vulnerables a Cross-Site Scripting (XSS), lo que podr\u00eda permitir a un atacante ejecutar cualquier referencia de JavaScript desde la cadena URL. Si esto ocurriera, la interfaz HTTP de la puerta de enlace redirigir\u00eda a la p\u00e1gina principal, que es index.htm."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +70,64 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rtautomation:460_series_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.9.8",
"matchCriteriaId": "C4FDC938-0147-4234-A952-0787C371E2DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rtautomation:460etcmm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1F8BBC-0375-4EF8-A2B7-06CAE092672E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rtautomation:460mcbms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B3529A-8801-4703-BC36-224F58E314B4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rtautomation:460mcbs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3677DE5-0183-41AB-9A47-AA7413B55948"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rtautomation:460mmbms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CACBF19-7A0A-4632-985C-44A677454F52"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rtautomation:460mmbs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20F5B7AC-5BD2-432D-91FE-BACB5DABAFD3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4702",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-14T20:15:12.373",
"lastModified": "2023-09-19T18:38:11.833",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T14:15:10.953",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -35,47 +55,27 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
"value": "CWE-288"
}
]
},
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
"value": "CWE-306"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4972",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-14T20:15:13.403",
"lastModified": "2023-09-19T20:00:25.687",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T14:15:11.070",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -35,47 +55,27 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-269"
}
]
},
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "NVD-CWE-noinfo"
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-5161",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-27T15:19:41.880",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T15:44:13.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Modal Window para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de c\u00f3digos cortos en versiones hasta la 5.3.5 inclusive debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,26 +70,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wow-company:modal_window:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.3.5",
"matchCriteriaId": "C376E541-788D-4E01-8605-09C2090394C5"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/modal-window/tags/5.3.5/public/class-public.php#L73",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/modal-window/tags/5.3.5/public/shortcode.php#L53",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2971132/modal-window#file195",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2971132/modal-window#file196",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-5169",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-27T15:19:42.127",
"lastModified": "2023-09-29T04:15:11.267",
"lastModified": "2023-09-29T15:15:10.350",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846685",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5506",
"source": "security@mozilla.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-5171",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-27T15:19:42.227",
"lastModified": "2023-09-29T04:15:11.350",
"lastModified": "2023-09-29T15:15:10.407",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1851599",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5506",
"source": "security@mozilla.org"


@ -2,31 +2,124 @@
"id": "CVE-2023-5174",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-27T15:19:42.457",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T14:19:44.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash.\n*This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3."
},
{
"lang": "es",
"value": "Si Windows no pudo duplicar un identificador durante la creaci\u00f3n del proceso, es posible que el c\u00f3digo de la sandbox puede haber liberado inadvertidamente un puntero dos veces, lo que result\u00f3 en un use-after-free y un bloqueo potencialmente explotable. *Este error s\u00f3lo afecta a Firefox en Windows cuando se ejecuta en configuraciones no est\u00e1ndar (como el uso de `runas`). Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox &lt; 118, Firefox ESR &lt; 115.3 y Thunderbird &lt; 115.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118",
"matchCriteriaId": "2216A424-94E2-45E7-BB95-646BFC8182E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3",
"matchCriteriaId": "EED826DF-6AB2-4D04-A4FC-A90EFDCB5EB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3",
"matchCriteriaId": "3ED03DF1-442F-4750-84BF-8C37C606843A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1848454",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-41/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-42/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-43/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5176",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-27T15:19:42.767",
"lastModified": "2023-09-29T04:15:11.440",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T15:17:46.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,135 @@
"value": "Errores de seguridad de la memoria presentes en Firefox 117, Firefox ESR 115.2 y Thunderbird 115.2. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 118, Firefox ESR &lt; 115.3 y Thunderbird &lt; 115.3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118",
"matchCriteriaId": "2216A424-94E2-45E7-BB95-646BFC8182E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3",
"matchCriteriaId": "EED826DF-6AB2-4D04-A4FC-A90EFDCB5EB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3",
"matchCriteriaId": "3ED03DF1-442F-4750-84BF-8C37C606843A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html",
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5506",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-41/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-42/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-43/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
"lastModified": "2023-09-29T00:15:12.767",
"lastModified": "2023-09-29T15:15:10.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en la codificaci\u00f3n vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
@ -20,6 +24,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/6",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/1",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html",
"source": "chrome-cve-admin@google.com"


@ -0,0 +1,92 @@
{
"id": "CVE-2023-5262",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T14:15:11.163",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRapid/rapidcms/issues/10",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/yhy217/rapidcms-vul/issues/5",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240871",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240871",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5263",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T14:15:11.250",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-275"
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/zzzcms-vul/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240872",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240872",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5264",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.593",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/huakecms-vul/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240877",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240877",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5265",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.670",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/YaGaoT/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240878",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240878",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2023-5266",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.750",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/dedebiz--vul/blob/main/time_injection.zip",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/yhy217/dedebiz--vul/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240879",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240879",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5267",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.823",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/kpz-wm/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240880",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240880",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-5289",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-29T14:15:11.323",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/ikus060/rdiffweb/commit/06f89b43469aae70e8833e55192721523f86c5a2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/8d0e0804-d3fd-49fe-bfa4-7a91135767ce",
"source": "security@huntr.dev"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-29T14:00:24.671501+00:00
2023-09-29T16:00:25.697551+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-29T13:56:15.203000+00:00
2023-09-29T15:59:09.023000+00:00
```
### Last Data Feed Release
@ -29,51 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226592
226609
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `17`
* [CVE-2023-5258](CVE-2023/CVE-2023-52xx/CVE-2023-5258.json) (`2023-09-29T12:15:13.093`)
* [CVE-2023-5259](CVE-2023/CVE-2023-52xx/CVE-2023-5259.json) (`2023-09-29T12:15:13.203`)
* [CVE-2023-5260](CVE-2023/CVE-2023-52xx/CVE-2023-5260.json) (`2023-09-29T12:15:13.287`)
* [CVE-2023-5261](CVE-2023/CVE-2023-52xx/CVE-2023-5261.json) (`2023-09-29T12:15:13.360`)
* [CVE-2023-5288](CVE-2023/CVE-2023-52xx/CVE-2023-5288.json) (`2023-09-29T12:15:13.437`)
* [CVE-2023-43909](CVE-2023/CVE-2023-439xx/CVE-2023-43909.json) (`2023-09-29T13:15:10.193`)
* [CVE-2023-43944](CVE-2023/CVE-2023-439xx/CVE-2023-43944.json) (`2023-09-29T13:15:10.247`)
* [CVE-2023-39308](CVE-2023/CVE-2023-393xx/CVE-2023-39308.json) (`2023-09-29T14:15:10.183`)
* [CVE-2023-41655](CVE-2023/CVE-2023-416xx/CVE-2023-41655.json) (`2023-09-29T14:15:10.273`)
* [CVE-2023-41657](CVE-2023/CVE-2023-416xx/CVE-2023-41657.json) (`2023-09-29T14:15:10.350`)
* [CVE-2023-41658](CVE-2023/CVE-2023-416xx/CVE-2023-41658.json) (`2023-09-29T14:15:10.423`)
* [CVE-2023-41661](CVE-2023/CVE-2023-416xx/CVE-2023-41661.json) (`2023-09-29T14:15:10.500`)
* [CVE-2023-41662](CVE-2023/CVE-2023-416xx/CVE-2023-41662.json) (`2023-09-29T14:15:10.573`)
* [CVE-2023-41663](CVE-2023/CVE-2023-416xx/CVE-2023-41663.json) (`2023-09-29T14:15:10.650`)
* [CVE-2023-41666](CVE-2023/CVE-2023-416xx/CVE-2023-41666.json) (`2023-09-29T14:15:10.723`)
* [CVE-2023-41687](CVE-2023/CVE-2023-416xx/CVE-2023-41687.json) (`2023-09-29T14:15:10.797`)
* [CVE-2023-41691](CVE-2023/CVE-2023-416xx/CVE-2023-41691.json) (`2023-09-29T14:15:10.870`)
* [CVE-2023-5262](CVE-2023/CVE-2023-52xx/CVE-2023-5262.json) (`2023-09-29T14:15:11.163`)
* [CVE-2023-5263](CVE-2023/CVE-2023-52xx/CVE-2023-5263.json) (`2023-09-29T14:15:11.250`)
* [CVE-2023-5289](CVE-2023/CVE-2023-52xx/CVE-2023-5289.json) (`2023-09-29T14:15:11.323`)
* [CVE-2023-5264](CVE-2023/CVE-2023-52xx/CVE-2023-5264.json) (`2023-09-29T15:15:10.593`)
* [CVE-2023-5265](CVE-2023/CVE-2023-52xx/CVE-2023-5265.json) (`2023-09-29T15:15:10.670`)
* [CVE-2023-5266](CVE-2023/CVE-2023-52xx/CVE-2023-5266.json) (`2023-09-29T15:15:10.750`)
* [CVE-2023-5267](CVE-2023/CVE-2023-52xx/CVE-2023-5267.json) (`2023-09-29T15:15:10.823`)
### CVEs modified in the last Commit
Recently modified CVEs: `39`
Recently modified CVEs: `44`
* [CVE-2023-3922](CVE-2023/CVE-2023-39xx/CVE-2023-3922.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5198](CVE-2023/CVE-2023-51xx/CVE-2023-5198.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-3413](CVE-2023/CVE-2023-34xx/CVE-2023-3413.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5159](CVE-2023/CVE-2023-51xx/CVE-2023-5159.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5193](CVE-2023/CVE-2023-51xx/CVE-2023-5193.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5194](CVE-2023/CVE-2023-51xx/CVE-2023-5194.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5195](CVE-2023/CVE-2023-51xx/CVE-2023-5195.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5196](CVE-2023/CVE-2023-51xx/CVE-2023-5196.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-5257](CVE-2023/CVE-2023-52xx/CVE-2023-5257.json) (`2023-09-29T12:45:25.177`)
* [CVE-2023-26146](CVE-2023/CVE-2023-261xx/CVE-2023-26146.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-26147](CVE-2023/CVE-2023-261xx/CVE-2023-26147.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-26148](CVE-2023/CVE-2023-261xx/CVE-2023-26148.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-44464](CVE-2023/CVE-2023-444xx/CVE-2023-44464.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-30591](CVE-2023/CVE-2023-305xx/CVE-2023-30591.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-44466](CVE-2023/CVE-2023-444xx/CVE-2023-44466.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-2233](CVE-2023/CVE-2023-22xx/CVE-2023-2233.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-3115](CVE-2023/CVE-2023-31xx/CVE-2023-3115.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-3906](CVE-2023/CVE-2023-39xx/CVE-2023-3906.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-3914](CVE-2023/CVE-2023-39xx/CVE-2023-3914.json) (`2023-09-29T12:45:33.353`)
* [CVE-2023-5192](CVE-2023/CVE-2023-51xx/CVE-2023-5192.json) (`2023-09-29T13:00:15.310`)
* [CVE-2023-0989](CVE-2023/CVE-2023-09xx/CVE-2023-0989.json) (`2023-09-29T13:15:10.103`)
* [CVE-2023-5173](CVE-2023/CVE-2023-51xx/CVE-2023-5173.json) (`2023-09-29T13:34:59.930`)
* [CVE-2023-5175](CVE-2023/CVE-2023-51xx/CVE-2023-5175.json) (`2023-09-29T13:46:01.483`)
* [CVE-2023-42487](CVE-2023/CVE-2023-424xx/CVE-2023-42487.json) (`2023-09-29T13:53:37.567`)
* [CVE-2023-41332](CVE-2023/CVE-2023-413xx/CVE-2023-41332.json) (`2023-09-29T13:56:15.203`)
* [CVE-2023-42462](CVE-2023/CVE-2023-424xx/CVE-2023-42462.json) (`2023-09-29T14:05:08.350`)
* [CVE-2023-43869](CVE-2023/CVE-2023-438xx/CVE-2023-43869.json) (`2023-09-29T14:06:04.873`)
* [CVE-2023-27320](CVE-2023/CVE-2023-273xx/CVE-2023-27320.json) (`2023-09-29T14:15:09.913`)
* [CVE-2023-28486](CVE-2023/CVE-2023-284xx/CVE-2023-28486.json) (`2023-09-29T14:15:10.033`)
* [CVE-2023-28487](CVE-2023/CVE-2023-284xx/CVE-2023-28487.json) (`2023-09-29T14:15:10.113`)
* [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-09-29T14:15:10.953`)
* [CVE-2023-4972](CVE-2023/CVE-2023-49xx/CVE-2023-4972.json) (`2023-09-29T14:15:11.070`)
* [CVE-2023-5174](CVE-2023/CVE-2023-51xx/CVE-2023-5174.json) (`2023-09-29T14:19:44.087`)
* [CVE-2023-42657](CVE-2023/CVE-2023-426xx/CVE-2023-42657.json) (`2023-09-29T14:34:24.630`)
* [CVE-2023-42461](CVE-2023/CVE-2023-424xx/CVE-2023-42461.json) (`2023-09-29T14:36:16.040`)
* [CVE-2023-42819](CVE-2023/CVE-2023-428xx/CVE-2023-42819.json) (`2023-09-29T14:42:30.233`)
* [CVE-2023-42820](CVE-2023/CVE-2023-428xx/CVE-2023-42820.json) (`2023-09-29T15:04:32.443`)
* [CVE-2023-25483](CVE-2023/CVE-2023-254xx/CVE-2023-25483.json) (`2023-09-29T15:11:01.933`)
* [CVE-2023-43740](CVE-2023/CVE-2023-437xx/CVE-2023-43740.json) (`2023-09-29T15:15:10.227`)
* [CVE-2023-5169](CVE-2023/CVE-2023-51xx/CVE-2023-5169.json) (`2023-09-29T15:15:10.350`)
* [CVE-2023-5171](CVE-2023/CVE-2023-51xx/CVE-2023-5171.json) (`2023-09-29T15:15:10.407`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-29T15:15:10.537`)
* [CVE-2023-5176](CVE-2023/CVE-2023-51xx/CVE-2023-5176.json) (`2023-09-29T15:17:46.987`)
* [CVE-2023-43381](CVE-2023/CVE-2023-433xx/CVE-2023-43381.json) (`2023-09-29T15:29:07.093`)
* [CVE-2023-4523](CVE-2023/CVE-2023-45xx/CVE-2023-4523.json) (`2023-09-29T15:39:05.767`)
* [CVE-2023-5161](CVE-2023/CVE-2023-51xx/CVE-2023-5161.json) (`2023-09-29T15:44:13.007`)
* [CVE-2023-43909](CVE-2023/CVE-2023-439xx/CVE-2023-43909.json) (`2023-09-29T15:52:15.247`)
* [CVE-2023-43944](CVE-2023/CVE-2023-439xx/CVE-2023-43944.json) (`2023-09-29T15:52:15.247`)
* [CVE-2023-39347](CVE-2023/CVE-2023-393xx/CVE-2023-39347.json) (`2023-09-29T15:54:47.300`)
* [CVE-2023-4003](CVE-2023/CVE-2023-40xx/CVE-2023-4003.json) (`2023-09-29T15:59:09.023`)
## Download and Usage