admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-11T20:00:25.410243+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-11 20:00:29 +00:00
parent 5620ae0fba
commit 187dfb668d
92 changed files with 3901 additions and 305 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
CVE-2018/CVE-2018-115xx/CVE-2018-11574.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-11574",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-06-14T20:29:00.253",
"lastModified": "2020-02-24T15:55:33.380",
"vulnStatus": "Modified",
"lastModified": "2023-09-11T19:43:56.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -88,8 +88,34 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD38BEC-91CE-4F96-860E-14BEE99C1BE0"
"criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.9",
"matchCriteriaId": "4AE8280C-9E3A-44B0-BB50-34D43C036B40"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
}
]
}
@ -108,7 +134,10 @@
},
{
"url": "https://usn.ubuntu.com/3810-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2020/CVE-2020-101xx/CVE-2020-10129.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2020-10129",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.727",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:05:03.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
@ -23,10 +56,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.1",
"matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Release Notes"
]
}
]
}

62
CVE-2020/CVE-2020-101xx/CVE-2020-10130.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2020-10130",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.847",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:04:41.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
@ -23,10 +56,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1",
"matchCriteriaId": "D217B14E-5241-4ECC-BBC9-DE0C1E7845C5"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Release Notes"
]
}
]
}

62
CVE-2020/CVE-2020-101xx/CVE-2020-10131.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2020-10131",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.913",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:04:07.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in \"Featured Results\" parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
@ -23,10 +56,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.1",
"matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-921",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Release Notes"
]
}
]
}

62
CVE-2020/CVE-2020-101xx/CVE-2020-10132.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2020-10132",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.987",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:03:42.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
@ -23,10 +56,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1",
"matchCriteriaId": "D217B14E-5241-4ECC-BBC9-DE0C1E7845C5"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Release Notes"
]
}
]
}

20
CVE-2020/CVE-2020-193xx/CVE-2020-19318.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-19318",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T18:15:09.107",
"lastModified": "2023-09-11T19:08:33.020",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hhhhu8045759/dir_605L-stack-overflow/blob/master/README.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-193xx/CVE-2020-19319.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-19319",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.250",
"lastModified": "2023-09-11T19:15:41.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hhhhu8045759/dir_619l-buffer-overflow",
"source": "cve@mitre.org"
}
]
}

24
CVE-2020/CVE-2020-193xx/CVE-2020-19320.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-19320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.367",
"lastModified": "2023-09-11T19:15:41.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hhhhu8045759/dlink-619l-buffer_overflow",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2020/CVE-2020-193xx/CVE-2020-19323.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-19323",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.437",
"lastModified": "2023-09-11T19:15:41.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hhhhu8045759/619L_upnpd_heapoverflow",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-195xx/CVE-2020-19559.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-19559",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.500",
"lastModified": "2023-09-11T19:15:41.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9",
"source": "cve@mitre.org"
}
]
}

4
CVE-2020/CVE-2020-240xx/CVE-2020-24088.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-24088",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:15:52.357",
"lastModified": "2023-09-11T15:15:52.357",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

111
CVE-2021/CVE-2021-360xx/CVE-2021-36021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-36021",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-06T14:15:08.767",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:05:41.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*",
"matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*",
"matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*",
"matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*",
"matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*",
"matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2021/CVE-2021-360xx/CVE-2021-36023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-36023",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-06T14:15:08.950",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:05:35.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -46,10 +66,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*",
"matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*",
"matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*",
"matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*",
"matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*",
"matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2021/CVE-2021-360xx/CVE-2021-36036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-36036",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-06T14:15:09.110",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:05:15.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -46,10 +66,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*",
"matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*",
"matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*",
"matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*",
"matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*",
"matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2021/CVE-2021-360xx/CVE-2021-36060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-36060",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-06T14:15:09.283",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:04:06.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.4",
"matchCriteriaId": "8834BF85-8F99-4DB9-AA68-ED14A766E719"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2021/CVE-2021-366xx/CVE-2021-36646.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2021-36646",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-06T17:15:49.873",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:06:39.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodexplorer:4.45:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDC782B-E8E9-4B75-AF51-2F3A90B7A6A1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/KodExplorer/issues/482",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

18
CVE-2021/CVE-2021-40xx/CVE-2021-4034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4034",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-01-28T20:15:12.193",
"lastModified": "2023-02-13T21:15:11.917",
"vulnStatus": "Modified",
"lastModified": "2023-09-11T19:45:38.343",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2022-06-27",
"cisaActionDue": "2022-07-18",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -72,6 +72,10 @@
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
@ -95,7 +99,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -104,14 +107,14 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A01DC7E2-1615-4AC8-9425-027F38C60C9D"
"versionEndExcluding": "121",
"matchCriteriaId": "F01D94C9-1E04-413B-8636-1AAC6D9E84D6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -287,7 +290,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -323,7 +325,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -374,7 +375,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -400,7 +400,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -445,7 +444,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

4
CVE-2022/CVE-2022-233xx/CVE-2022-23382.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-23382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:15:52.553",
"lastModified": "2023-09-11T15:15:52.553",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2022/CVE-2022-317xx/CVE-2022-31704.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31704",
"sourceIdentifier": "security@vmware.com",
"published": "2023-01-26T21:15:37.320",
"lastModified": "2023-02-01T16:57:33.947",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T19:15:41.590",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -73,6 +73,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html",
"source": "security@vmware.com"
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html",
"source": "security@vmware.com",

8
CVE-2022/CVE-2022-317xx/CVE-2022-31706.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31706",
"sourceIdentifier": "security@vmware.com",
"published": "2023-01-26T21:15:37.610",
"lastModified": "2023-02-01T16:58:38.557",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T19:15:41.703",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -73,6 +73,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html",
"source": "security@vmware.com"
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html",
"source": "security@vmware.com",

10
CVE-2022/CVE-2022-317xx/CVE-2022-31711.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31711",
"sourceIdentifier": "security@vmware.com",
"published": "2023-01-26T21:15:38.270",
"lastModified": "2023-02-01T17:00:03.840",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T19:15:41.777",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "NVD-CWE-noinfo"
}
]
}
@ -73,6 +73,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html",
"source": "security@vmware.com"
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html",
"source": "security@vmware.com",

92
CVE-2023/CVE-2023-236xx/CVE-2023-23623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T21:15:08.977",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:02:53.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,76 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "EA67DC7F-0492-45A6-A585-C1F6BA8CB125"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "8313BBF8-2C7B-471E-B379-E8F587EB4F98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "9B73F495-8C0E-409E-86AC-2FC1A214AA9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "77E1E30F-0BAC-409B-B2D3-FF3B1FDCFE6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "6C556804-A20C-4E9F-8F4D-8E824A0032D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "F0995881-8E6C-4B2C-9F3A-F10668916039"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "EB9BD805-BAC9-425D-A590-28B0FB68C3F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "197DA034-183C-4407-BD95-B610CBF980A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "D14A589D-E6F7-4ED7-A123-C83633AC2004"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:23.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "8074214C-1787-46B6-A5CC-8DF31BC269EF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-274xx/CVE-2023-27470.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:15:52.727",
"lastModified": "2023-09-11T15:15:52.727",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-281xx/CVE-2023-28198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28198",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.830",
"lastModified": "2023-08-19T00:43:25.777",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T18:15:09.477",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -78,6 +78,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",

152
CVE-2023/CVE-2023-291xx/CVE-2023-29198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29198",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T21:15:11.560",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:58:07.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +64,138 @@
"value": "CWE-754"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "22.3.6",
"matchCriteriaId": "1C14CCD1-146F-4A22-B093-C9FEC8047E91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.2.3",
"matchCriteriaId": "B080AD66-1912-4AD2-BE21-B69935B4F04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "2635DE47-9315-4D0D-BA52-215D97A09BF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "800543E5-0E06-4E9B-A18D-9857524244D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "47E4540B-0EAE-41B8-878F-F22C3BDF0FE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "05448824-0FA1-41DF-938F-0FC5D82C9FE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "FDB7E385-A58F-4B91-B7EE-75475D65038C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "2ADACB20-163D-4BE0-AFD9-D93A5D58A910"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "8EEBC95D-093C-49BE-A309-DE544BCD698C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "501BF9A9-4EC1-485F-953B-E129252FC9B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "8F28A9E8-D1CD-476F-9BF7-F205B1FCDBC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "19F9825C-3265-411E-96E0-1C470D4F6830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "7CD55BDC-94ED-4ED8-905C-3AFBAB59AA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "E65B67F6-3AA6-4E7C-9290-C71A8CCB9A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "CC14A98C-9410-42A2-A71B-DC73C3855901"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "01B7E19C-F35A-4EAD-9640-926EE76E5FB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "509E7716-E3DB-4ABF-820D-514DEE59F251"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electronjs:electron:25.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "4F2529F8-84AF-4F04-BD1A-3C4A2AF49B6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-300xx/CVE-2023-30058.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30058",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T16:15:07.560",
"lastModified": "2023-09-11T16:15:07.560",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

396
CVE-2023/CVE-2023-307xx/CVE-2023-30718.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30718",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:14.640",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:05:24.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -46,10 +76,370 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "8D2D0083-0A85-47F7-A42D-2040A3BEC132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0332BF16-0F1F-4733-ABCE-A1EA1366A5D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D7120696-2440-44EC-B3A4-6FCBB4A60A12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3658A42-BCA9-4188-8B36-3C6599BBF83C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D0E55E09-C2C9-43D1-8A1A-6D02F544E34A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "693D72EF-1531-4C15-B105-2DEBE02D30F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*",
"matchCriteriaId": "C26195A5-31BE-4116-8F31-9F25BE57AB52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C6114C5-C175-45E7-821E-6BA218F923DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "58BA232B-8D39-473A-91D0-D3AC03FDE8FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "25B42CE0-67DE-4611-8D70-DEEC975E32BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2EADA0-5976-4711-A7A5-61594F3E2FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "6B59145B-5506-477C-8F9C-ABB0CE2CF631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "AC082E25-1B7D-473D-A066-1463E6321CD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "655BEA94-9A83-4A56-8DDE-79ADC821C707"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "B894D0C1-E66E-44B0-8FCA-2EE4290C4173"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B088DE9-31F1-4737-8BC8-CC406F208ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "899F6BD2-47AF-4ADA-935D-90AB069E9BA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "60281652-A1DF-4EA4-8CD3-6DCA43F6162F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "C2592B14-B3B7-4C85-88E8-5E12F6F50ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "40A783AA-91E7-426B-8A78-4EBE5D69A602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4F46F8F7-0EBA-4D2F-AC53-4BB5956D7B87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BA51F5D5-D18D-426C-B09F-EE12CE11E9FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "53968A3C-6E71-42B8-8671-6730D8C85603"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FFB0F9B9-C60D-40CC-AC7D-FDB288EB2264"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "6C946853-D56D-457C-A1CB-AD1A5BD56C41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "1DD6CFD3-5341-4069-B4FC-A5E07F13A63F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BD8E899-427B-47D2-9168-446B0249868F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E923AF0F-34BA-40FE-AA20-B01366263B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "78B14D1F-C536-4816-A076-B074E41EB0A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2D00F4-B521-4D8F-84F8-DCE45B6349A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "548BCC15-C6D8-4AE7-B167-4DD74382097B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-30xx/CVE-2023-3090.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3090",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T20:15:09.693",
"lastModified": "2023-08-19T18:16:44.790",
"lastModified": "2023-09-11T19:15:43.253",
"vulnStatus": "Modified",
"descriptions": [
{
@ -111,6 +111,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "cve-coordination@google.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e",
"source": "cve-coordination@google.com",

24
CVE-2023/CVE-2023-310xx/CVE-2023-31067.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31067",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.873",
"lastModified": "2023-09-11T19:15:41.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\Clients\\www."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51679",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-310xx/CVE-2023-31068.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31068",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.927",
"lastModified": "2023-09-11T19:15:41.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\UserDesktop\\themes."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51680",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-310xx/CVE-2023-31069.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31069",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.983",
"lastModified": "2023-09-11T19:15:41.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51681",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-312xx/CVE-2023-31248.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31248",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-05T19:15:09.713",
"lastModified": "2023-08-02T17:15:10.493",
"lastModified": "2023-09-11T19:15:42.037",
"vulnStatus": "Modified",
"descriptions": [
{
@ -136,6 +136,10 @@
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "security@ubuntu.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/05/2",
"source": "security@ubuntu.com",

24
CVE-2023/CVE-2023-314xx/CVE-2023-31468.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31468",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:42.173",
"lastModified": "2023-09-11T19:15:42.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The \"%PROGRAMFILES(X86)%\\INOSOFT GmbH\" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51682",
"source": "cve@mitre.org"
}
]
}

61
CVE-2023/CVE-2023-321xx/CVE-2023-32162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32162",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-09-06T05:15:42.243",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:53:22.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +68,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wacom:driver:6.3.45-1:*:*:*:*:*:*:*",
"matchCriteriaId": "26E56854-D72B-4447-9341-09B948EFAEBB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-741",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2023/CVE-2023-321xx/CVE-2023-32163.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32163",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-09-06T05:15:42.347",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:52:49.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +68,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wacom:driver:6.3.45-1:*:*:*:*:*:*:*",
"matchCriteriaId": "26E56854-D72B-4447-9341-09B948EFAEBB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-742",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

8
CVE-2023/CVE-2023-323xx/CVE-2023-32370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32370",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-06T02:15:09.070",
"lastModified": "2023-09-08T15:52:01.343",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T18:15:09.927",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -66,6 +66,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com",

14
CVE-2023/CVE-2023-325xx/CVE-2023-32559.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32559",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-24T02:15:09.210",
"lastModified": "2023-09-01T17:05:35.170",
"lastModified": "2023-09-11T19:11:58.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]

76
CVE-2023/CVE-2023-326xx/CVE-2023-32629.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32629",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-26T02:15:09.413",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:15:42.233",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@ubuntu.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security@ubuntu.com",
"type": "Secondary",
@ -46,22 +76,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E702D7-F8C0-49BF-9FFB-883017076E98"
}
]
}
]
}
],
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629",
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "security@ubuntu.com"
},
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629",
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html",
"source": "security@ubuntu.com"
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://ubuntu.com/security/notices/USN-6250-1",
"source": "security@ubuntu.com"
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability",
"source": "security@ubuntu.com"
"source": "security@ubuntu.com",
"tags": [
"Exploit"
]
}
]
}

8
CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32707",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.117",
"lastModified": "2023-06-07T14:29:18.523",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T19:15:42.337",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -106,6 +106,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html",
"source": "prodsec@splunk.com"
},
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0602",
"source": "prodsec@splunk.com",

6
CVE-2023/CVE-2023-33xx/CVE-2023-3389.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3389",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T20:15:09.773",
"lastModified": "2023-08-19T18:16:48.263",
"lastModified": "2023-09-11T19:15:43.383",
"vulnStatus": "Modified",
"descriptions": [
{
@ -103,6 +103,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "cve-coordination@google.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04",
"source": "cve-coordination@google.com",

6
CVE-2023/CVE-2023-33xx/CVE-2023-3390.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3390",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T21:15:10.447",
"lastModified": "2023-08-18T14:15:28.593",
"lastModified": "2023-09-11T19:15:43.490",
"vulnStatus": "Modified",
"descriptions": [
{
@ -96,6 +96,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "cve-coordination@google.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97",
"source": "cve-coordination@google.com",

6
CVE-2023/CVE-2023-350xx/CVE-2023-35001.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35001",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-05T19:15:10.147",
"lastModified": "2023-08-24T19:15:39.257",
"lastModified": "2023-09-11T19:15:42.447",
"vulnStatus": "Modified",
"descriptions": [
{
@ -136,6 +136,10 @@
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "security@ubuntu.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/05/3",
"source": "security@ubuntu.com",

27
CVE-2023/CVE-2023-350xx/CVE-2023-35065.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35065",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-05T18:15:10.067",
"lastModified": "2023-09-05T18:29:49.867",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:30:59.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:osoft:dyeing_-_printing_-_finishing_production_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "01732BFD-FD5F-4610-8A10-28463DEA50FC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0490",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

27
CVE-2023/CVE-2023-350xx/CVE-2023-35068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35068",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-05T18:15:10.327",
"lastModified": "2023-09-05T18:29:49.867",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:33:00.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bma:personnel_tracking_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230904",
"matchCriteriaId": "285505CA-F529-496A-A791-1A390035AE4B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0491",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

27
CVE-2023/CVE-2023-350xx/CVE-2023-35072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35072",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-05T18:15:10.507",
"lastModified": "2023-09-05T18:29:49.867",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:38:17.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coyavtravel:proagent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230904",
"matchCriteriaId": "9F84B6E8-C243-4488-9244-6D6D7F181338"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0492",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-357xx/CVE-2023-35785.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-35785",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.033",
"lastModified": "2023-09-08T03:15:08.017",
"lastModified": "2023-09-11T19:15:42.563",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators."
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
}
],
"metrics": {

6
CVE-2023/CVE-2023-357xx/CVE-2023-35788.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35788",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T21:15:09.340",
"lastModified": "2023-08-19T18:16:44.583",
"lastModified": "2023-09-11T19:15:42.757",
"vulnStatus": "Modified",
"descriptions": [
{
@ -215,6 +215,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/17/1",
"source": "cve@mitre.org",

4
CVE-2023/CVE-2023-361xx/CVE-2023-36140.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36140",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:16:00.773",
"lastModified": "2023-09-11T15:16:00.773",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-387xx/CVE-2023-38743.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38743",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:42.890",
"lastModified": "2023-09-11T19:15:42.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine."
}
],
"metrics": {},
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-388xx/CVE-2023-38829.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:42.957",
"lastModified": "2023-09-11T19:15:42.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39063.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39063",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:43.013",
"lastModified": "2023-09-11T19:15:43.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/AndreGNogueira/CVE-2023-39063",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-390xx/CVE-2023-39067.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39067",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T18:15:10.223",
"lastModified": "2023-09-11T19:08:33.020",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yao-ruo/CVE-FIND/blob/main/CVE-2023-39067",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yao-ruo/CVE-ZLMediaKit/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39068.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39068",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:43.070",
"lastModified": "2023-09-11T19:15:43.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component."
}
],
"metrics": {},
"references": [
{
"url": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39070.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39070",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:43.127",
"lastModified": "2023-09-11T19:15:43.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934."
}
],
"metrics": {},
"references": [
{
"url": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/",
"source": "cve@mitre.org"
}
]
}

48
CVE-2023/CVE-2023-395xx/CVE-2023-39511.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39511",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T18:15:08.627",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:06:25.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.25",
"matchCriteriaId": "11743AE1-4C92-47E9-BDA5-764FE3984CE8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-395xx/CVE-2023-39598.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-39598",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T18:15:10.900",
"lastModified": "2023-09-05T18:29:49.867",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:46:42.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:webclient:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4079A278-C269-46FF-8610-3516CB112401"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-397xx/CVE-2023-39780.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-39780",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:43.190",
"lastModified": "2023-09-11T19:15:43.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-400xx/CVE-2023-40032.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-40032",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-11T19:15:43.603",
"lastModified": "2023-09-11T19:15:43.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libvips/libvips/pull/3604",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-403xx/CVE-2023-40397.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40397",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-06T21:15:13.850",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:15:10.427",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"

4
CVE-2023/CVE-2023-410xx/CVE-2023-41000.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T15:16:02.307",
"lastModified": "2023-09-11T15:16:02.307",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

16
CVE-2023/CVE-2023-410xx/CVE-2023-41064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41064",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-07T18:15:07.727",
"lastModified": "2023-09-08T22:15:11.583",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:15:43.720",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,18 @@
{
"url": "https://support.apple.com/kb/HT213906",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213913",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213914",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213915",
"source": "product-security@apple.com"
}
]
}

24
CVE-2023/CVE-2023-411xx/CVE-2023-41103.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-41103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:43.917",
"lastModified": "2023-09-11T19:15:43.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload."
}
],
"metrics": {},
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103",
"source": "cve@mitre.org"
},
{
"url": "https://www.interactsoftware.com/",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-411xx/CVE-2023-41107.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-41107",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T16:15:08.050",
"lastModified": "2023-09-05T17:31:50.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:15:44.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tef:tef_portal:2023-07-17:*:*:*:*:*:*:*",
"matchCriteriaId": "29E8FC8A-0F2E-43B3-A9C8-40C703D5BD70"
}
]
}
]
}
],
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-020.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-411xx/CVE-2023-41108.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-41108",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T16:15:08.110",
"lastModified": "2023-09-05T17:31:50.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:17:05.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TEF portal 2023-07-17 is vulnerable to authenticated remote code execution."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tef:tef_portal:2023-07-17:*:*:*:*:*:*:*",
"matchCriteriaId": "29E8FC8A-0F2E-43B3-A9C8-40C703D5BD70"
}
]
}
]
}
],
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-021.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-412xx/CVE-2023-41256.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41256",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-11T19:15:43.987",
"lastModified": "2023-09-11T19:15:43.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

64
CVE-2023/CVE-2023-413xx/CVE-2023-41328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41328",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T18:15:09.047",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:05:46.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.46.1",
"matchCriteriaId": "418BFA9F-DE58-440C-BC07-A7195C346BE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.20.0",
"matchCriteriaId": "257F1200-5913-42A0-B2FF-C9B7A5FDC7DD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/frappe/releases/tag/v13.46.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/frappe/frappe/releases/tag/v14.20.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-415xx/CVE-2023-41508.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41508",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T21:15:47.483",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:53:12.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Una contrase\u00f1a incrustada en Super Store Finder v3.6 permite a los atacantes acceder al panel de administraci\u00f3n. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:superstorefinder:super_store_finder:3.6:*:*:*:*:-:*:*",
"matchCriteriaId": "CFD2140D-96EB-4B60-8BEE-AE439992F5AA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/redblueteam/CVE-2023-41508/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

32
CVE-2023/CVE-2023-415xx/CVE-2023-41593.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-41593",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T18:15:10.767",
"lastModified": "2023-09-11T19:08:33.020",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41593",
"source": "cve@mitre.org"
},
{
"url": "https://portswigger.net/web-security/cross-site-scripting",
"source": "cve@mitre.org"
},
{
"url": "https://www.acunetix.com/websitesecurity/cross-site-scripting/",
"source": "cve@mitre.org"
},
{
"url": "https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-416xx/CVE-2023-41601.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-41601",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-06T20:15:07.857",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:03:19.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/al3zx/csz_cms_1_3_0_xss_in_install_page/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.cszcms.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

20
CVE-2023/CVE-2023-416xx/CVE-2023-41609.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41609",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T18:15:10.993",
"lastModified": "2023-09-11T19:08:33.020",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/CouchCMS/CouchCMS/issues/190",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-419xx/CVE-2023-41930.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-41930",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:09.377",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:23:34.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1227.v7a_79fc4dc01f",
"matchCriteriaId": "DCA428E1-B407-4F61-AB8B-B24D902C4A8D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41931.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41931",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:09.577",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:55:42.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1227.v7a_79fc4dc01f",
"matchCriteriaId": "DCA428E1-B407-4F61-AB8B-B24D902C4A8D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41941.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41941",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.107",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:44:44.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.12",
"matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(1)",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41942.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41942",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.217",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:43:21.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.12",
"matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41943.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41943",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.433",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:40:55.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.12",
"matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41944.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41944",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.553",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:37:32.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.12",
"matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3102",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41945.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41945",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.770",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:07:22.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:assembla_auth:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.14",
"matchCriteriaId": "58175D24-70D9-48A1-83E8-1C019C9C32DF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3065",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41946.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41946",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.887",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:07:01.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:frugal_testing:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "F9A50DC0-0C81-4FFE-9983-9F77A40B7D8F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41947.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-41947",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.973",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:06:49.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:frugal_testing:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "F9A50DC0-0C81-4FFE-9983-9F77A40B7D8F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

86
CVE-2023/CVE-2023-42xx/CVE-2023-4207.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4207",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.453",
"lastModified": "2023-09-10T12:16:20.457",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-11T18:13:33.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-42xx/CVE-2023-4208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4208",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.627",
"lastModified": "2023-09-10T12:16:20.607",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-11T18:12:56.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4244",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.877",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:12:18.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,14 +76,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-43xx/CVE-2023-4310.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-4310",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T21:15:47.537",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T19:01:47.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -23,14 +56,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "402E7658-AAFA-41FF-A4E1-1DF4FD845BC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3366D2EE-532C-4741-B32A-575E8B1A9AF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:remote_support:23.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FABCD6F1-8D5A-4373-83B5-9DDE81331343"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:remote_support:23.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E495D6D-7D56-41E6-B62A-0081AD9146BD"
}
]
}
]
}
],
"references": [
{
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-44xx/CVE-2023-4485.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4485",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-06T00:15:07.530",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:00:50.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,44 @@
"value": "CWE-89"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ardereg:sistemas_scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.203",
"matchCriteriaId": "C51DD5B5-A3FA-482B-819F-100F193CEB96"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

50
CVE-2023/CVE-2023-45xx/CVE-2023-4597.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4597",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.660",
"lastModified": "2023-09-01T18:36:38.313",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-11T19:15:44.123",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -12,29 +12,9 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,6 +31,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174604/WordPress-Slimstat-Analytics-5.0.9-Cross-Site-Scripting-SQL-Injection.html",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892",
"source": "security@wordfence.com",

86
CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4622",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:12.193",
"lastModified": "2023-09-10T12:16:21.273",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-11T18:15:11.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.4.15",
"matchCriteriaId": "AE02A61A-E8BA-45B0-BA09-833FBAB89E71"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4623",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:12.357",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:15:48.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,14 +76,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.75",
"matchCriteriaId": "D5893A86-1141-4D63-AC5A-819A556D79D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "169446DE-67F8-4738-91FE-ED8058118F80"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-47xx/CVE-2023-4772.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4772",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-07T02:15:08.033",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:17:13.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.8.9",
"matchCriteriaId": "8C51C28A-2E44-4EB9-AE9A-767F9EBAB376"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/newsletter/tags/7.8.9/subscription/subscription.php#L1653",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2955097/newsletter#file21",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87da5300-1add-44fc-a3e0-e8912f946c84?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

37
CVE-2023/CVE-2023-47xx/CVE-2023-4792.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4792",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-07T02:15:08.163",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T18:16:54.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,18 +46,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inqsys:duplicate_post_page_menu_\\&_custom_post_type:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.1",
"matchCriteriaId": "3CB05349-73A8-4C87-96BA-F390EF3EE437"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/duplicate-post-page-menu-custom-post-type/trunk/duplicate-post-page-menu-cpt.php?rev=2871256#L383",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2963515%40duplicate-post-page-menu-custom-post-type&new=2963515%40duplicate-post-page-menu-custom-post-type&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-48xx/CVE-2023-4807.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4807",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-09-08T12:15:08.043",
"lastModified": "2023-09-08T18:15:07.790",
"lastModified": "2023-09-11T19:15:44.617",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html",
"source": "openssl-security@openssl.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/1",
"source": "openssl-security@openssl.org"

4
CVE-2023/CVE-2023-48xx/CVE-2023-4881.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4881",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-11T17:15:07.547",
"lastModified": "2023-09-11T17:15:07.547",
"vulnStatus": "Received",
"lastModified": "2023-09-11T18:02:20.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

80
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-11T18:00:27.553751+00:00
2023-09-11T20:00:25.410243+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-11T17:59:40.753000+00:00
2023-09-11T19:55:42.340000+00:00
```
### Last Data Feed Release
@ -29,43 +29,65 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224612
224633
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `21`
* [CVE-2023-30058](CVE-2023/CVE-2023-300xx/CVE-2023-30058.json) (`2023-09-11T16:15:07.560`)
* [CVE-2023-4881](CVE-2023/CVE-2023-48xx/CVE-2023-4881.json) (`2023-09-11T17:15:07.547`)
* [CVE-2020-19318](CVE-2020/CVE-2020-193xx/CVE-2020-19318.json) (`2023-09-11T18:15:09.107`)
* [CVE-2020-19319](CVE-2020/CVE-2020-193xx/CVE-2020-19319.json) (`2023-09-11T19:15:41.250`)
* [CVE-2020-19320](CVE-2020/CVE-2020-193xx/CVE-2020-19320.json) (`2023-09-11T19:15:41.367`)
* [CVE-2020-19323](CVE-2020/CVE-2020-193xx/CVE-2020-19323.json) (`2023-09-11T19:15:41.437`)
* [CVE-2020-19559](CVE-2020/CVE-2020-195xx/CVE-2020-19559.json) (`2023-09-11T19:15:41.500`)
* [CVE-2023-39067](CVE-2023/CVE-2023-390xx/CVE-2023-39067.json) (`2023-09-11T18:15:10.223`)
* [CVE-2023-41593](CVE-2023/CVE-2023-415xx/CVE-2023-41593.json) (`2023-09-11T18:15:10.767`)
* [CVE-2023-41609](CVE-2023/CVE-2023-416xx/CVE-2023-41609.json) (`2023-09-11T18:15:10.993`)
* [CVE-2023-31067](CVE-2023/CVE-2023-310xx/CVE-2023-31067.json) (`2023-09-11T19:15:41.873`)
* [CVE-2023-31068](CVE-2023/CVE-2023-310xx/CVE-2023-31068.json) (`2023-09-11T19:15:41.927`)
* [CVE-2023-31069](CVE-2023/CVE-2023-310xx/CVE-2023-31069.json) (`2023-09-11T19:15:41.983`)
* [CVE-2023-31468](CVE-2023/CVE-2023-314xx/CVE-2023-31468.json) (`2023-09-11T19:15:42.173`)
* [CVE-2023-38743](CVE-2023/CVE-2023-387xx/CVE-2023-38743.json) (`2023-09-11T19:15:42.890`)
* [CVE-2023-38829](CVE-2023/CVE-2023-388xx/CVE-2023-38829.json) (`2023-09-11T19:15:42.957`)
* [CVE-2023-39063](CVE-2023/CVE-2023-390xx/CVE-2023-39063.json) (`2023-09-11T19:15:43.013`)
* [CVE-2023-39068](CVE-2023/CVE-2023-390xx/CVE-2023-39068.json) (`2023-09-11T19:15:43.070`)
* [CVE-2023-39070](CVE-2023/CVE-2023-390xx/CVE-2023-39070.json) (`2023-09-11T19:15:43.127`)
* [CVE-2023-39780](CVE-2023/CVE-2023-397xx/CVE-2023-39780.json) (`2023-09-11T19:15:43.190`)
* [CVE-2023-40032](CVE-2023/CVE-2023-400xx/CVE-2023-40032.json) (`2023-09-11T19:15:43.603`)
* [CVE-2023-41103](CVE-2023/CVE-2023-411xx/CVE-2023-41103.json) (`2023-09-11T19:15:43.917`)
* [CVE-2023-41256](CVE-2023/CVE-2023-412xx/CVE-2023-41256.json) (`2023-09-11T19:15:43.987`)
### CVEs modified in the last Commit
Recently modified CVEs: `22`
Recently modified CVEs: `70`
* [CVE-2023-4844](CVE-2023/CVE-2023-48xx/CVE-2023-4844.json) (`2023-09-11T16:40:46.803`)
* [CVE-2023-34637](CVE-2023/CVE-2023-346xx/CVE-2023-34637.json) (`2023-09-11T16:54:19.023`)
* [CVE-2023-28557](CVE-2023/CVE-2023-285xx/CVE-2023-28557.json) (`2023-09-11T16:57:21.930`)
* [CVE-2023-28549](CVE-2023/CVE-2023-285xx/CVE-2023-28549.json) (`2023-09-11T16:58:23.583`)
* [CVE-2023-28548](CVE-2023/CVE-2023-285xx/CVE-2023-28548.json) (`2023-09-11T17:05:04.900`)
* [CVE-2023-28544](CVE-2023/CVE-2023-285xx/CVE-2023-28544.json) (`2023-09-11T17:08:00.573`)
* [CVE-2023-40743](CVE-2023/CVE-2023-407xx/CVE-2023-40743.json) (`2023-09-11T17:16:46.603`)
* [CVE-2023-41012](CVE-2023/CVE-2023-410xx/CVE-2023-41012.json) (`2023-09-11T17:32:47.030`)
* [CVE-2023-4779](CVE-2023/CVE-2023-47xx/CVE-2023-4779.json) (`2023-09-11T17:46:42.657`)
* [CVE-2023-4346](CVE-2023/CVE-2023-43xx/CVE-2023-4346.json) (`2023-09-11T17:47:59.647`)
* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-11T17:49:21.660`)
* [CVE-2023-41940](CVE-2023/CVE-2023-419xx/CVE-2023-41940.json) (`2023-09-11T17:49:38.180`)
* [CVE-2023-41939](CVE-2023/CVE-2023-419xx/CVE-2023-41939.json) (`2023-09-11T17:51:37.613`)
* [CVE-2023-41938](CVE-2023/CVE-2023-419xx/CVE-2023-41938.json) (`2023-09-11T17:52:09.947`)
* [CVE-2023-41937](CVE-2023/CVE-2023-419xx/CVE-2023-41937.json) (`2023-09-11T17:53:01.077`)
* [CVE-2023-41936](CVE-2023/CVE-2023-419xx/CVE-2023-41936.json) (`2023-09-11T17:53:27.380`)
* [CVE-2023-41935](CVE-2023/CVE-2023-419xx/CVE-2023-41935.json) (`2023-09-11T17:54:37.170`)
* [CVE-2023-4206](CVE-2023/CVE-2023-42xx/CVE-2023-4206.json) (`2023-09-11T17:57:25.160`)
* [CVE-2023-4745](CVE-2023/CVE-2023-47xx/CVE-2023-4745.json) (`2023-09-11T17:57:42.127`)
* [CVE-2023-4739](CVE-2023/CVE-2023-47xx/CVE-2023-4739.json) (`2023-09-11T17:58:12.637`)
* [CVE-2023-4015](CVE-2023/CVE-2023-40xx/CVE-2023-4015.json) (`2023-09-11T17:59:05.123`)
* [CVE-2023-3777](CVE-2023/CVE-2023-37xx/CVE-2023-3777.json) (`2023-09-11T17:59:40.753`)
* [CVE-2023-32163](CVE-2023/CVE-2023-321xx/CVE-2023-32163.json) (`2023-09-11T18:52:49.417`)
* [CVE-2023-41508](CVE-2023/CVE-2023-415xx/CVE-2023-41508.json) (`2023-09-11T18:53:12.833`)
* [CVE-2023-32162](CVE-2023/CVE-2023-321xx/CVE-2023-32162.json) (`2023-09-11T18:53:22.077`)
* [CVE-2023-29198](CVE-2023/CVE-2023-291xx/CVE-2023-29198.json) (`2023-09-11T18:58:07.770`)
* [CVE-2023-4310](CVE-2023/CVE-2023-43xx/CVE-2023-4310.json) (`2023-09-11T19:01:47.590`)
* [CVE-2023-23623](CVE-2023/CVE-2023-236xx/CVE-2023-23623.json) (`2023-09-11T19:02:53.833`)
* [CVE-2023-30718](CVE-2023/CVE-2023-307xx/CVE-2023-30718.json) (`2023-09-11T19:05:24.947`)
* [CVE-2023-41947](CVE-2023/CVE-2023-419xx/CVE-2023-41947.json) (`2023-09-11T19:06:49.680`)
* [CVE-2023-41946](CVE-2023/CVE-2023-419xx/CVE-2023-41946.json) (`2023-09-11T19:07:01.407`)
* [CVE-2023-41945](CVE-2023/CVE-2023-419xx/CVE-2023-41945.json) (`2023-09-11T19:07:22.307`)
* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-09-11T19:11:58.063`)
* [CVE-2023-31248](CVE-2023/CVE-2023-312xx/CVE-2023-31248.json) (`2023-09-11T19:15:42.037`)
* [CVE-2023-32629](CVE-2023/CVE-2023-326xx/CVE-2023-32629.json) (`2023-09-11T19:15:42.233`)
* [CVE-2023-32707](CVE-2023/CVE-2023-327xx/CVE-2023-32707.json) (`2023-09-11T19:15:42.337`)
* [CVE-2023-35001](CVE-2023/CVE-2023-350xx/CVE-2023-35001.json) (`2023-09-11T19:15:42.447`)
* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-09-11T19:15:42.563`)
* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-09-11T19:15:42.757`)
* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-09-11T19:15:43.253`)
* [CVE-2023-3389](CVE-2023/CVE-2023-33xx/CVE-2023-3389.json) (`2023-09-11T19:15:43.383`)
* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-09-11T19:15:43.490`)
* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-11T19:15:43.720`)
* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-09-11T19:15:44.123`)
* [CVE-2023-4807](CVE-2023/CVE-2023-48xx/CVE-2023-4807.json) (`2023-09-11T19:15:44.617`)
* [CVE-2023-41930](CVE-2023/CVE-2023-419xx/CVE-2023-41930.json) (`2023-09-11T19:23:34.093`)
* [CVE-2023-41931](CVE-2023/CVE-2023-419xx/CVE-2023-41931.json) (`2023-09-11T19:55:42.340`)
## Download and Usage