admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-20T20:00:24.985309+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-20 20:00:28 +00:00
parent ef1189200e
commit 1a0f8a5126
38 changed files with 1114 additions and 231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-391xx/CVE-2022-39135.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-39135",
"sourceIdentifier": "security@apache.org",
"published": "2022-09-11T12:15:08.437",
"lastModified": "2023-02-04T01:13:14.787",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-20T18:15:12.020",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
"value": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
},
{
"lang": "es",

117
CVE-2022/CVE-2022-478xx/CVE-2022-47848.json
View File

@ -2,19 +2,128 @@
"id": "CVE-2022-47848",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T16:15:07.687",
"lastModified": "2023-09-15T16:20:53.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:54:58.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Bezeq Vtech NB403-IL versi\u00f3n BZ_2.02.07.09.13.01 y Vtech IAD604-IL versiones BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T y BZ_2.02.07.09.09T, que permite a atacantes remotos para obtener informaci\u00f3n confidencial a trav\u00e9s de la p\u00e1gina rootDesc.xml del servicio UPnP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bezeq:vtech_nb403-il_firmware:bz_2.02.07.09.13.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4B02C038-F636-4C46-A7D8-2A4F7BD069B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:bezeq:vtech_nb403-il:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F41356-838A-4640-9C7D-AA92BFA550ED"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bezeq:vtech_iad604-il_firmware:bz_2.02.07.09.09t:*:*:*:*:*:*:*",
"matchCriteriaId": "01633E21-8C51-47A1-A04A-78A1796AE684"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bezeq:vtech_iad604-il_firmware:bz_2.02.07.09.13.01:*:*:*:*:*:*:*",
"matchCriteriaId": "54765A58-0E2D-4564-A082-B23A641ECD4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bezeq:vtech_iad604-il_firmware:bz_2.02.07.09.13t:*:*:*:*:*:*:*",
"matchCriteriaId": "352EB738-B6D1-4D50-B091-199AF43DA11A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:bezeq:vtech_iad604-il:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1831376D-EC0C-4AD5-BA34-6A8E09B10915"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://00xbyte.github.io/posts/bezeq-router-auth-bypass/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20594.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20594",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-09-20T18:15:12.187",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20597.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20597",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-09-20T18:15:12.257",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007",
"source": "psirt@amd.com"
}
]
}

12
CVE-2023/CVE-2023-261xx/CVE-2023-26141.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26141",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-14T05:15:11.363",
"lastModified": "2023-09-19T17:22:21.723",
"lastModified": "2023-09-20T18:53:22.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{

44
CVE-2023/CVE-2023-367xx/CVE-2023-36727.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36727",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-15T22:15:13.613",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:47:58.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Suplantaci\u00f3n de Identidad en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "117.0.2045.31",
"matchCriteriaId": "B0B0E406-4254-4C35-8FCC-3117354DD1AB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-367xx/CVE-2023-36735.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36735",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-15T22:15:13.700",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:46:37.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "117.0.2045.31",
"matchCriteriaId": "B0B0E406-4254-4C35-8FCC-3117354DD1AB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-387xx/CVE-2023-38706.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38706",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.217",
"lastModified": "2023-09-17T12:01:22.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:59:40.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds."
},
{
"lang": "es",
"value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Antes de la versi\u00f3n 3.1.1 de la rama `stable` y la versi\u00f3n 3.2.0.beta1 de las ramas `beta` y `tests-passed`, un usuario malintencionado pod\u00eda crear un n\u00famero ilimitado de borradores con claves de borrador muy largas que pod\u00edan finalizar agotar los recursos del servidor. El problema se solucion\u00f3 en la versi\u00f3n 3.1.1 de la rama \"estable\" y en la versi\u00f3n 3.2.0.beta1 de las ramas \"beta\" y \"tests-passed\". No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"versionEndExcluding": "3.1.0",
"matchCriteriaId": "D3C08972-822D-4657-9B6F-02BC692B7C6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "F59F801F-E7B5-4F37-A2E8-6024AD6DD7B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "4C868514-CFCE-4DA6-B15E-CB64CDF21609"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*",
"matchCriteriaId": "755DE44D-B1C7-4434-824F-5544BE6DD1CA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-38xx/CVE-2023-3891.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3891",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-15T03:15:08.803",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T18:55:02.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -50,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lapce:lapce:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "644E9D19-0D0E-489A-8B95-105B0E47C129"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/aerosmith",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lapce.dev",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39041.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39041",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:11.230",
"lastModified": "2023-09-20T19:15:11.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39041.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39044.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39044",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T18:15:12.330",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-403xx/CVE-2023-40368.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40368",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-09-20T19:15:11.530",
"lastModified": "2023-09-20T19:15:11.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263456",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7034288",
"source": "psirt@us.ibm.com"
}
]
}

20
CVE-2023/CVE-2023-406xx/CVE-2023-40618.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T18:15:12.383",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-406xx/CVE-2023-40619.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40619",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T18:15:12.433",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619",
"source": "cve@mitre.org"
}
]
}

57
CVE-2023/CVE-2023-418xx/CVE-2023-41886.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41886",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.297",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:18:08.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue."
},
{
"lang": "es",
"value": "OpenRefine es una potente herramienta gratuita de c\u00f3digo abierto para trabajar con datos desordenados. Antes de la versi\u00f3n 3.7.5, una vulnerabilidad de lectura de archivos arbitraria permit\u00eda a cualquier usuario no autenticado leer un archivo en un servidor. La versi\u00f3n 3.7.5 soluciona este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.5",
"matchCriteriaId": "DC4A5110-E031-40BC-AA8F-D3C14300DB4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-418xx/CVE-2023-41887.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41887",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.407",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:20:19.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue."
},
{
"lang": "es",
"value": "OpenRefine es una potente herramienta gratuita de c\u00f3digo abierto para trabajar con datos desordenados. Antes de la versi\u00f3n 3.7.5, una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo permit\u00eda a cualquier usuario no autenticado ejecutar c\u00f3digo en el servidor. La versi\u00f3n 3.7.5 tiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrefine:openrefine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.5",
"matchCriteriaId": "DC4A5110-E031-40BC-AA8F-D3C14300DB4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-418xx/CVE-2023-41889.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41889",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.503",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:27:02.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.\n"
},
{
"lang": "es",
"value": "SHIRASAGI es un sistema de gesti\u00f3n de contenidos. Antes de la versi\u00f3n 1.18.0, SHIRASAGI era vulnerable a un problema de normalizaci\u00f3n posterior a Unicode. Esto sucede cuando se realiza una validaci\u00f3n l\u00f3gica o una verificaci\u00f3n de seguridad antes de una normalizaci\u00f3n Unicode. El car\u00e1cter Unicode equivalente a un car\u00e1cter resurgir\u00eda despu\u00e9s de la normalizaci\u00f3n. La soluci\u00f3n consiste inicialmente en realizar la normalizaci\u00f3n Unicode y luego eliminar todos los espacios en blanco y luego comprobar si hay una cadena en blanco. Este problema se solucion\u00f3 en la versi\u00f3n 1.18.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +80,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18.0",
"matchCriteriaId": "96B19CE9-B96E-4A30-9053-7532F1EF6684"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shirasagi/shirasagi/blob/f249ce3f06f6bfbc0017b38f5c13de424334c3ea/app/models/concerns/rdf/object.rb#L68-L72",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checks",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-424xx/CVE-2023-42442.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42442",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.867",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:33:14.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n"
},
{
"lang": "es",
"value": "JumpServer es un host basti\u00f3n de c\u00f3digo abierto y un sistema profesional de auditor\u00eda de seguridad de operaci\u00f3n y mantenimiento. A partir de la versi\u00f3n 3.0.0 y anteriores a las versiones 3.5.5 y 3.6.4, las repeticiones de sesiones se pueden descargar sin autenticaci\u00f3n. Las repeticiones de sesiones almacenadas en S3, OSS u otro almacenamiento en la nube no se ven afectadas. El control de permisos de la API `/api/v1/terminal/sessions/` est\u00e1 broken y se puede acceder a \u00e9l de forma an\u00f3nima. Clases de permiso SessionViewSet establecidas en `[RBACPermission | IsSessionAssignee]`, la relaci\u00f3n es o, por lo que se permitir\u00e1 cualquier permiso coincidente. Las versiones 3.5.5 y 3.6.4 tienen una soluci\u00f3n. Despu\u00e9s de actualizar, visite la API `$HOST/api/v1/terminal/sessions/?limit=1`. El c\u00f3digo de respuesta http esperado es 401 (\"not_authenticated\")."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +68,66 @@
"value": "CWE-287"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.5.5",
"matchCriteriaId": "C7BB0ACD-6502-4F86-83CE-31210024EC75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.4",
"matchCriteriaId": "D2933823-4D5E-4335-BEF8-E3A3058F1C76"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-433xx/CVE-2023-43371.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:11.953",
"lastModified": "2023-09-20T19:15:11.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-433xx/CVE-2023-43373.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:12.157",
"lastModified": "2023-09-20T19:15:12.157",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-433xx/CVE-2023-43374.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:12.350",
"lastModified": "2023-09-20T19:15:12.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-433xx/CVE-2023-43375.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:12.413",
"lastModified": "2023-09-20T19:15:12.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-433xx/CVE-2023-43376.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:12.487",
"lastModified": "2023-09-20T19:15:12.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-433xx/CVE-2023-43377.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:12.723",
"lastModified": "2023-09-20T19:15:12.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-434xx/CVE-2023-43494.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43494",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.667",
"lastModified": "2023-09-20T17:15:19.187",
"lastModified": "2023-09-20T18:15:12.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261",
"source": "jenkinsci-cert@googlegroups.com"

6
CVE-2023/CVE-2023-434xx/CVE-2023-43495.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43495",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.747",
"lastModified": "2023-09-20T17:15:19.187",
"lastModified": "2023-09-20T18:15:12.547",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245",
"source": "jenkinsci-cert@googlegroups.com"

6
CVE-2023/CVE-2023-434xx/CVE-2023-43496.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43496",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.820",
"lastModified": "2023-09-20T17:15:19.187",
"lastModified": "2023-09-20T18:15:12.617",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072",
"source": "jenkinsci-cert@googlegroups.com"

6
CVE-2023/CVE-2023-434xx/CVE-2023-43497.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43497",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.877",
"lastModified": "2023-09-20T17:15:19.187",
"lastModified": "2023-09-20T18:15:12.680",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073",
"source": "jenkinsci-cert@googlegroups.com"

6
CVE-2023/CVE-2023-434xx/CVE-2023-43498.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43498",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.927",
"lastModified": "2023-09-20T17:15:19.187",
"lastModified": "2023-09-20T18:15:12.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073",
"source": "jenkinsci-cert@googlegroups.com"

8
CVE-2023/CVE-2023-434xx/CVE-2023-43499.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43499",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.980",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T18:15:12.807",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244",
"source": "jenkinsci-cert@googlegroups.com"

8
CVE-2023/CVE-2023-435xx/CVE-2023-43500.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43500",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:12.037",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T18:15:12.860",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
"source": "jenkinsci-cert@googlegroups.com"

8
CVE-2023/CVE-2023-435xx/CVE-2023-43501.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43501",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:12.090",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T18:15:12.923",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
"source": "jenkinsci-cert@googlegroups.com"

8
CVE-2023/CVE-2023-435xx/CVE-2023-43502.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43502",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:12.147",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T18:15:13.017",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239",
"source": "jenkinsci-cert@googlegroups.com"

12
CVE-2023/CVE-2023-48xx/CVE-2023-4813.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4813",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-12T22:15:08.277",
"lastModified": "2023-09-18T14:07:23.540",
"lastModified": "2023-09-20T19:01:00.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{

124
CVE-2023/CVE-2023-48xx/CVE-2023-4881.json
View File

@ -2,128 +2,14 @@
"id": "CVE-2023-4881",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-11T17:15:07.547",
"lastModified": "2023-09-15T15:15:07.427",
"vulnStatus": "Modified",
"lastModified": "2023-09-20T18:15:19.107",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service."
"value": "** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4881",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
"metrics": {},
"references": []
}

58
CVE-2023/CVE-2023-49xx/CVE-2023-4988.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-4988",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T16:15:08.080",
"lastModified": "2023-09-15T16:20:53.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T19:52:54.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Bettershop LaikeTui y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo index.php?module=system&action=uploadImg. La manipulaci\u00f3n del argumento imgFile conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El identificador asociado de esta vulnerabilidad es VDB-239799."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laiketui:laiketui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F92D2123-87E2-4F6B-BA3E-3088063E079A"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239799",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239799",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-49xx/CVE-2023-4991.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-4991",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T16:15:08.180",
"lastModified": "2023-09-15T16:20:53.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T18:10:55.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en NextBX QWAlerter 4.50. Ha sido calificado como cr\u00edtico. Una funci\u00f3n desconocida del archivo QWAlerter.exe es afectada por este problema. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda sin comillas. Es posible lanzar el ataque al servidor local. El identificador de esta vulnerabilidad es VDB-239804. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quescom:nextbx_qwalerter:4.50:*:*:*:*:*:*:*",
"matchCriteriaId": "412BDF22-1225-4B8C-BEFB-0669A19194F3"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239804",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239804",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

81
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-20T18:00:24.507284+00:00
2023-09-20T20:00:24.985309+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-20T17:35:31.753000+00:00
2023-09-20T19:59:40.533000+00:00
```
### Last Data Feed Release
@ -29,53 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225931
225944
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `13`
* [CVE-2023-2262](CVE-2023/CVE-2023-22xx/CVE-2023-2262.json) (`2023-09-20T16:15:12.257`)
* [CVE-2023-2508](CVE-2023/CVE-2023-25xx/CVE-2023-2508.json) (`2023-09-20T16:15:12.373`)
* [CVE-2023-5074](CVE-2023/CVE-2023-50xx/CVE-2023-5074.json) (`2023-09-20T16:15:12.750`)
* [CVE-2023-40043](CVE-2023/CVE-2023-400xx/CVE-2023-40043.json) (`2023-09-20T17:15:11.240`)
* [CVE-2023-42656](CVE-2023/CVE-2023-426xx/CVE-2023-42656.json) (`2023-09-20T17:15:11.410`)
* [CVE-2023-42660](CVE-2023/CVE-2023-426xx/CVE-2023-42660.json) (`2023-09-20T17:15:11.550`)
* [CVE-2023-43494](CVE-2023/CVE-2023-434xx/CVE-2023-43494.json) (`2023-09-20T17:15:11.667`)
* [CVE-2023-43495](CVE-2023/CVE-2023-434xx/CVE-2023-43495.json) (`2023-09-20T17:15:11.747`)
* [CVE-2023-43496](CVE-2023/CVE-2023-434xx/CVE-2023-43496.json) (`2023-09-20T17:15:11.820`)
* [CVE-2023-43497](CVE-2023/CVE-2023-434xx/CVE-2023-43497.json) (`2023-09-20T17:15:11.877`)
* [CVE-2023-43498](CVE-2023/CVE-2023-434xx/CVE-2023-43498.json) (`2023-09-20T17:15:11.927`)
* [CVE-2023-43499](CVE-2023/CVE-2023-434xx/CVE-2023-43499.json) (`2023-09-20T17:15:11.980`)
* [CVE-2023-43500](CVE-2023/CVE-2023-435xx/CVE-2023-43500.json) (`2023-09-20T17:15:12.037`)
* [CVE-2023-43501](CVE-2023/CVE-2023-435xx/CVE-2023-43501.json) (`2023-09-20T17:15:12.090`)
* [CVE-2023-43502](CVE-2023/CVE-2023-435xx/CVE-2023-43502.json) (`2023-09-20T17:15:12.147`)
* [CVE-2023-20594](CVE-2023/CVE-2023-205xx/CVE-2023-20594.json) (`2023-09-20T18:15:12.187`)
* [CVE-2023-20597](CVE-2023/CVE-2023-205xx/CVE-2023-20597.json) (`2023-09-20T18:15:12.257`)
* [CVE-2023-39044](CVE-2023/CVE-2023-390xx/CVE-2023-39044.json) (`2023-09-20T18:15:12.330`)
* [CVE-2023-40618](CVE-2023/CVE-2023-406xx/CVE-2023-40618.json) (`2023-09-20T18:15:12.383`)
* [CVE-2023-40619](CVE-2023/CVE-2023-406xx/CVE-2023-40619.json) (`2023-09-20T18:15:12.433`)
* [CVE-2023-39041](CVE-2023/CVE-2023-390xx/CVE-2023-39041.json) (`2023-09-20T19:15:11.230`)
* [CVE-2023-40368](CVE-2023/CVE-2023-403xx/CVE-2023-40368.json) (`2023-09-20T19:15:11.530`)
* [CVE-2023-43371](CVE-2023/CVE-2023-433xx/CVE-2023-43371.json) (`2023-09-20T19:15:11.953`)
* [CVE-2023-43373](CVE-2023/CVE-2023-433xx/CVE-2023-43373.json) (`2023-09-20T19:15:12.157`)
* [CVE-2023-43374](CVE-2023/CVE-2023-433xx/CVE-2023-43374.json) (`2023-09-20T19:15:12.350`)
* [CVE-2023-43375](CVE-2023/CVE-2023-433xx/CVE-2023-43375.json) (`2023-09-20T19:15:12.413`)
* [CVE-2023-43376](CVE-2023/CVE-2023-433xx/CVE-2023-43376.json) (`2023-09-20T19:15:12.487`)
* [CVE-2023-43377](CVE-2023/CVE-2023-433xx/CVE-2023-43377.json) (`2023-09-20T19:15:12.723`)
### CVEs modified in the last Commit
Recently modified CVEs: `19`
Recently modified CVEs: `24`
* [CVE-2022-3261](CVE-2022/CVE-2022-32xx/CVE-2022-3261.json) (`2023-09-20T16:13:07.833`)
* [CVE-2022-3466](CVE-2022/CVE-2022-34xx/CVE-2022-3466.json) (`2023-09-20T17:19:19.583`)
* [CVE-2023-4456](CVE-2023/CVE-2023-44xx/CVE-2023-4456.json) (`2023-09-20T16:15:12.643`)
* [CVE-2023-4673](CVE-2023/CVE-2023-46xx/CVE-2023-4673.json) (`2023-09-20T16:40:55.827`)
* [CVE-2023-4830](CVE-2023/CVE-2023-48xx/CVE-2023-4830.json) (`2023-09-20T16:41:12.340`)
* [CVE-2023-4664](CVE-2023/CVE-2023-46xx/CVE-2023-4664.json) (`2023-09-20T16:41:57.087`)
* [CVE-2023-4665](CVE-2023/CVE-2023-46xx/CVE-2023-4665.json) (`2023-09-20T16:42:15.850`)
* [CVE-2023-42398](CVE-2023/CVE-2023-423xx/CVE-2023-42398.json) (`2023-09-20T16:48:55.970`)
* [CVE-2023-32461](CVE-2023/CVE-2023-324xx/CVE-2023-32461.json) (`2023-09-20T16:49:51.087`)
* [CVE-2023-4662](CVE-2023/CVE-2023-46xx/CVE-2023-4662.json) (`2023-09-20T16:50:21.117`)
* [CVE-2023-28614](CVE-2023/CVE-2023-286xx/CVE-2023-28614.json) (`2023-09-20T16:54:18.473`)
* [CVE-2023-25586](CVE-2023/CVE-2023-255xx/CVE-2023-25586.json) (`2023-09-20T17:00:51.450`)
* [CVE-2023-4959](CVE-2023/CVE-2023-49xx/CVE-2023-4959.json) (`2023-09-20T17:04:10.337`)
* [CVE-2023-25588](CVE-2023/CVE-2023-255xx/CVE-2023-25588.json) (`2023-09-20T17:10:22.723`)
* [CVE-2023-4985](CVE-2023/CVE-2023-49xx/CVE-2023-4985.json) (`2023-09-20T17:20:32.613`)
* [CVE-2023-40869](CVE-2023/CVE-2023-408xx/CVE-2023-40869.json) (`2023-09-20T17:29:18.640`)
* [CVE-2023-4986](CVE-2023/CVE-2023-49xx/CVE-2023-4986.json) (`2023-09-20T17:31:50.527`)
* [CVE-2023-25584](CVE-2023/CVE-2023-255xx/CVE-2023-25584.json) (`2023-09-20T17:33:44.363`)
* [CVE-2023-25585](CVE-2023/CVE-2023-255xx/CVE-2023-25585.json) (`2023-09-20T17:35:31.753`)
* [CVE-2022-39135](CVE-2022/CVE-2022-391xx/CVE-2022-39135.json) (`2023-09-20T18:15:12.020`)
* [CVE-2022-47848](CVE-2022/CVE-2022-478xx/CVE-2022-47848.json) (`2023-09-20T19:54:58.253`)
* [CVE-2023-4991](CVE-2023/CVE-2023-49xx/CVE-2023-4991.json) (`2023-09-20T18:10:55.033`)
* [CVE-2023-43494](CVE-2023/CVE-2023-434xx/CVE-2023-43494.json) (`2023-09-20T18:15:12.487`)
* [CVE-2023-43495](CVE-2023/CVE-2023-434xx/CVE-2023-43495.json) (`2023-09-20T18:15:12.547`)
* [CVE-2023-43496](CVE-2023/CVE-2023-434xx/CVE-2023-43496.json) (`2023-09-20T18:15:12.617`)
* [CVE-2023-43497](CVE-2023/CVE-2023-434xx/CVE-2023-43497.json) (`2023-09-20T18:15:12.680`)
* [CVE-2023-43498](CVE-2023/CVE-2023-434xx/CVE-2023-43498.json) (`2023-09-20T18:15:12.743`)
* [CVE-2023-43499](CVE-2023/CVE-2023-434xx/CVE-2023-43499.json) (`2023-09-20T18:15:12.807`)
* [CVE-2023-43500](CVE-2023/CVE-2023-435xx/CVE-2023-43500.json) (`2023-09-20T18:15:12.860`)
* [CVE-2023-43501](CVE-2023/CVE-2023-435xx/CVE-2023-43501.json) (`2023-09-20T18:15:12.923`)
* [CVE-2023-43502](CVE-2023/CVE-2023-435xx/CVE-2023-43502.json) (`2023-09-20T18:15:13.017`)
* [CVE-2023-4881](CVE-2023/CVE-2023-48xx/CVE-2023-4881.json) (`2023-09-20T18:15:19.107`)
* [CVE-2023-26141](CVE-2023/CVE-2023-261xx/CVE-2023-26141.json) (`2023-09-20T18:53:22.247`)
* [CVE-2023-3891](CVE-2023/CVE-2023-38xx/CVE-2023-3891.json) (`2023-09-20T18:55:02.363`)
* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-09-20T19:01:00.167`)
* [CVE-2023-41886](CVE-2023/CVE-2023-418xx/CVE-2023-41886.json) (`2023-09-20T19:18:08.340`)
* [CVE-2023-41887](CVE-2023/CVE-2023-418xx/CVE-2023-41887.json) (`2023-09-20T19:20:19.920`)
* [CVE-2023-41889](CVE-2023/CVE-2023-418xx/CVE-2023-41889.json) (`2023-09-20T19:27:02.530`)
* [CVE-2023-42442](CVE-2023/CVE-2023-424xx/CVE-2023-42442.json) (`2023-09-20T19:33:14.337`)
* [CVE-2023-36735](CVE-2023/CVE-2023-367xx/CVE-2023-36735.json) (`2023-09-20T19:46:37.090`)
* [CVE-2023-36727](CVE-2023/CVE-2023-367xx/CVE-2023-36727.json) (`2023-09-20T19:47:58.397`)
* [CVE-2023-4988](CVE-2023/CVE-2023-49xx/CVE-2023-4988.json) (`2023-09-20T19:52:54.430`)
* [CVE-2023-38706](CVE-2023/CVE-2023-387xx/CVE-2023-38706.json) (`2023-09-20T19:59:40.533`)
## Download and Usage