admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-21T14:00:24.162549+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-21 14:00:27 +00:00
parent 978d65294c
commit 204db71da6
37 changed files with 4477 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2015/CVE-2015-54xx/CVE-2015-5467.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2015-5467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:10.580",
"lastModified": "2023-09-21T06:15:10.580",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "web\\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter."
},
{
"lang": "es",
"value": "web\\ViewAction en Yii (tambi\u00e9n conocido como Yii2) 2.x anterior a 2.0.5 permite a los atacantes ejecutar cualquier archivo .php local a trav\u00e9s de una ruta relativa en el par\u00e1metro de vista."
}
],
"metrics": {},

8
CVE-2015/CVE-2015-83xx/CVE-2015-8371.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2015-8371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:11.633",
"lastModified": "2023-09-21T06:15:11.633",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected."
},
{
"lang": "es",
"value": "Composer anterior al 10 de febrero de 2016 permite el envenenamiento de la cach\u00e9 de otros proyectos creados en el mismo host. Esto da como resultado que el c\u00f3digo controlado por el atacante ingrese a un proceso de compilaci\u00f3n del lado del servidor. El problema se debe a la forma en que se almacenan en cach\u00e9 los paquetes dist. La clave de cach\u00e9 se deriva del nombre del paquete, el tipo de dist y algunos otros datos del repositorio de paquetes (que pueden ser simplemente un hash de confirmaci\u00f3n y, por lo tanto, un atacante puede encontrarlos). Las versiones hasta 1.0.0-alpha11 se ven afectadas y la 1.0.0 no."
}
],
"metrics": {},

8
CVE-2018/CVE-2018-54xx/CVE-2018-5478.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2018-5478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:12.223",
"lastModified": "2023-09-21T06:15:12.223",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension."
},
{
"lang": "es",
"value": "Contao 3.x anterior a 3.5.32 permite XSS a trav\u00e9s del m\u00f3dulo de cancelaci\u00f3n de suscripci\u00f3n en la extensi\u00f3n del bolet\u00edn frontal."
}
],
"metrics": {},

75
CVE-2020/CVE-2020-240xx/CVE-2020-24089.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-24089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T00:15:09.847",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:21:26.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Se descubri\u00f3 un problema en ImfHpRegFilter.sys en IOBit Malware Fighter versi\u00f3n 8.0.2, que permite a atacantes locales provocar una Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iobit:malware_fighter:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE3C507-4E1F-4C05-A5A8-443A1890FAAF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rjt-gupta/CVE-2020-24089",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

82
CVE-2021/CVE-2021-284xx/CVE-2021-28485.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-28485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T15:15:07.827",
"lastModified": "2023-09-19T15:15:51.707",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-21T12:51:08.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "En Ericsson Mobile Switching Center Server (MSC-S) anterior a IS 3.1 CP22, la aplicaci\u00f3n web SIS permite el Path Traversal a trav\u00e9s de un par\u00e1metro espec\u00edfico en la solicitud https despu\u00e9s de la autenticaci\u00f3n, lo que permite el acceso a archivos en el sistema a los que no se pretende que sean accesibles a trav\u00e9s de la aplicaci\u00f3n web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ericsson:mobile_switching_center_server_bc_18a_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "is_3.1",
"versionEndExcluding": "is_3.1_cp22",
"matchCriteriaId": "65172795-358D-4EA4-B48A-C0938814894F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ericsson:mobile_switching_center_server_bc_18a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32651337-BD6E-4B25-A6C0-34B7B6F65278"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ericsson.com/en/about-us/security/psirt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-29xx/CVE-2023-2995.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-2995",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-19T20:15:09.120",
"lastModified": "2023-09-19T21:20:45.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:13:26.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Leyka de WordPress hasta la versi\u00f3n 3.30.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Stored Cross-Site Scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:te-st:leyka:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.30.3",
"matchCriteriaId": "F8D63665-5E78-4EE5-AB4B-9725C5EB53EB"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/762ff2ca-5c1f-49ae-b83c-1c22bacbc82f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-318xx/CVE-2023-31808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31808",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T14:15:20.610",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:14:26.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Los dispositivos Technicolor TG670 10.5.N.9 contienen varias cuentas con contrase\u00f1as codificadas. Una cuenta tiene privilegios administrativos, lo que permite el acceso sin restricciones a trav\u00e9s de la interfaz WAN si la Administraci\u00f3n Remota est\u00e1 habilitada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:technicolor:tg670_firmware:10.5.n.9:*:*:*:*:*:*:*",
"matchCriteriaId": "28B14C72-678B-4DA0-BF82-AFC01DCDF016"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:technicolor:tg670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "656E3585-EE88-4616-86EF-2B8C6E956C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/913565",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

69
CVE-2023/CVE-2023-363xx/CVE-2023-36319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36319",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T00:15:10.980",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:20:09.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Vulnerabilidad de Carga de Archivos en Openupload Stable v.0.4.3 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de acci\u00f3n del archivo compress-inc.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openupload_project:openupload:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4279B755-AA03-4D9C-8486-A971B2C59961"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Lowalu/CVE-2023-36319",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://openupload.sourceforge.net/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

53
CVE-2023/CVE-2023-364xx/CVE-2023-36472.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36472",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T19:15:08.117",
"lastModified": "2023-09-19T17:15:08.173",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-21T13:57:40.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.11.7",
"matchCriteriaId": "8555152A-73A5-47F6-9322-1B280C703A56"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.11.7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-392xx/CVE-2023-39252.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39252",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-09-21T06:15:12.993",
"lastModified": "2023-09-21T06:15:12.993",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n"
},
{
"lang": "es",
"value": "Dell SCG Policy Manager 5.16.00.14 contiene una vulnerabilidad de algoritmo criptogr\u00e1fico roto. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad realizando ataques MitM y permitiendo que los atacantes obtengan informaci\u00f3n sensible.\n"
}
],
"metrics": {

66
CVE-2023/CVE-2023-395xx/CVE-2023-39575.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T00:15:11.120",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:19:01.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en el par\u00e1metro URL url_str de ISL ARP Guard v4.0.2 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isl:arp-guard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.4-1",
"matchCriteriaId": "4E49061A-5010-4A46-BBE7-F54BEB04CC1D"
}
]
}
]
}
],
"references": [
{
"url": "https://evait.medium.com/discovery-of-a-reflective-xss-vulnerability-in-arp-guard-software-1734b5113e1c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

1126
CVE-2023/CVE-2023-405xx/CVE-2023-40588.json
View File

File diff suppressed because it is too large Load Diff

60
CVE-2023/CVE-2023-40xx/CVE-2023-4092.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4092",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:23.133",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:13:44.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Arconte \u00c1urea, en su versi\u00f3n 1.5.0.0. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante leer datos confidenciales de la base de datos, modificar datos (insertar/actualizar/eliminar), realizar operaciones de administraci\u00f3n de la base de datos y, en algunos casos, ejecutar comandos en el sistema operativo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5718D4D2-D570-4848-A1BA-031A0E8C548A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-40xx/CVE-2023-4093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4093",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T14:15:22.177",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:16:30.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5718D4D2-D570-4848-A1BA-031A0E8C548A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-40xx/CVE-2023-4095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4095",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T14:15:24.270",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:18:03.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fujitsu:arconte_aurea:1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5718D4D2-D570-4848-A1BA-031A0E8C548A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-410xx/CVE-2023-41030.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41030",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-18T19:15:43.060",
"lastModified": "2023-09-19T03:37:34.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:22:58.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hard-coded credentials in\u00a0Juplink RX4-1500 versions V1.0.2 through V1.0.5\u00a0allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user."
},
{
"lang": "es",
"value": "Las credenciales codificadas en Juplink RX4-1500 versiones V1.0.2 a V1.0.5 permiten a los atacantes no autenticados iniciar sesi\u00f3n en la interfaz web o en el servicio telnet como usuario \"usuario\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -46,10 +80,45 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.2",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "CA845736-15E8-4786-861A-DFCCA287E384"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-hard-coded-credential-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

1138
CVE-2023/CVE-2023-410xx/CVE-2023-41042.json
View File

File diff suppressed because it is too large Load Diff

1126
CVE-2023/CVE-2023-410xx/CVE-2023-41043.json
View File

File diff suppressed because it is too large Load Diff

6
CVE-2023/CVE-2023-411xx/CVE-2023-41179.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41179",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-09-19T14:15:21.343",
"lastModified": "2023-09-19T17:57:31.250",
"lastModified": "2023-09-21T13:15:09.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU90967486/",
"source": "security@trendmicro.com"
},
{
"url": "https://success.trendmicro.com/jp/solution/000294706",
"source": "security@trendmicro.com"

8
CVE-2023/CVE-2023-41xx/CVE-2023-4152.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4152",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-09-21T07:15:14.300",
"lastModified": "2023-09-21T07:15:14.300",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.\n"
},
{
"lang": "es",
"value": "Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de Path Traversal de la interfaz web mediante una URL manipulada sin autenticaci\u00f3n. Esto permite a un atacante remoto leer todos los archivos en el sistema de archivos del dispositivo FDS101."
}
],
"metrics": {

8
CVE-2023/CVE-2023-42xx/CVE-2023-4291.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4291",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-09-21T07:15:18.423",
"lastModified": "2023-09-21T07:15:18.423",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication.\u00a0This could lead to a full compromise of the FDS101 device.\n\n\n"
},
{
"lang": "es",
"value": "Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de par\u00e1metros manipulados de la interfaz web sin autenticaci\u00f3n. Esto podr\u00eda provocar un compromiso total del dispositivo FDS101."
}
],
"metrics": {

8
CVE-2023/CVE-2023-42xx/CVE-2023-4292.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4292",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-09-21T07:15:19.817",
"lastModified": "2023-09-21T07:15:19.817",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.\n\n\n\n"
},
{
"lang": "es",
"value": "Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de par\u00e1metros manipulados de la interfaz web sin autenticaci\u00f3n. La base de datos contiene informaci\u00f3n de registro limitada y no cr\u00edtica."
}
],
"metrics": {

24
CVE-2023/CVE-2023-432xx/CVE-2023-43235.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43235",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:09.917",
"lastModified": "2023-09-21T13:15:09.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWifiDownSettings/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43236.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43236",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.127",
"lastModified": "2023-09-21T13:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/dir_setWanWifi/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43237.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43237",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.253",
"lastModified": "2023-09-21T13:15:10.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/setMAC/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43238.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43238",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.353",
"lastModified": "2023-09-21T13:15:10.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/form2Dhcpip_cgi/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43239.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.470",
"lastModified": "2023-09-21T13:15:10.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/showMACfilterMAC/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43240.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43240",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.583",
"lastModified": "2023-09-21T13:15:10.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/ipportFilter/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43241.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43241",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.680",
"lastModified": "2023-09-21T13:15:10.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWLanRadioSecurity/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43242.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43242",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.797",
"lastModified": "2023-09-21T13:15:10.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/form2IPQoSTcDel/1.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

68
CVE-2023/CVE-2023-433xx/CVE-2023-43371.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-43371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T19:15:11.953",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-21T13:23:28.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Hoteldruid v3.0.5 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro numcaselle en /hoteldruid/creaprezzi.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D702D98A-1616-4D1A-90F0-CEE49FB8707F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-436xx/CVE-2023-43669.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43669",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:13.833",
"lastModified": "2023-09-21T06:15:13.833",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes)."
},
{
"lang": "es",
"value": "Tungstenite crate hasta 0.20.0 para Rust permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio (por minutos de consumo de CPU) a trav\u00e9s de una longitud excesiva de un encabezado HTTP en un protocolo de enlace del cliente. La longitud afecta tanto la cantidad de veces que se intenta un an\u00e1lisis (por ejemplo, miles de veces) como la cantidad promedio de datos para cada intento de an\u00e1lisis (por ejemplo, millones de bytes)."
}
],
"metrics": {},

57
CVE-2023/CVE-2023-43xx/CVE-2023-4376.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-4376",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-19T20:15:09.380",
"lastModified": "2023-09-19T21:20:45.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T13:13:15.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento de WordPress Generador y Validador de C\u00f3digos de Serie con Soporte para WooCommerce anterior a 2.4.15 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Stored Cross-Site Scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo en configuraci\u00f3n multisitio)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nikolov:serial_codes_generator_and_validator_with_woocommerce_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.15",
"matchCriteriaId": "AA3B023A-3A4A-4CE4-AAC9-EC65A4209743"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/13910e52-5302-4252-8bee-49dd1f0e180a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-47xx/CVE-2023-4753.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4753",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-09-21T10:15:09.597",
"lastModified": "2023-09-21T10:15:09.597",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-47xx/CVE-2023-4760.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4760",
"sourceIdentifier": "emo@eclipse.org",
"published": "2023-09-21T08:15:09.403",
"lastModified": "2023-09-21T08:15:09.403",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\n\n\n\n\n\n\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\ (backslashes) coming further back are kept.\n\nFor example, a file name such as /..\\..\\webapps\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\..\\webapps\\shell.war in its webapps directory and can then be executed.\n\n\n"
},
{
"lang": "es",
"value": "En las versiones de Eclipse RAP desde 3.0.0 hasta 3.25.0 incluida, la Ejecuci\u00f3n Remota de C\u00f3digo es posible en Windows cuando se utiliza el componente FileUpload. La raz\u00f3n de esto es una extracci\u00f3n no completamente segura del nombre del archivo en el m\u00e9todo FileUploadProcessor.stripFileName(String name). Tan pronto como esto encuentre una/en la ruta, todo lo anterior se elimina, pero potencialmente \\ (barras invertidas) que vienen m\u00e1s atr\u00e1s se mantienen. Por ejemplo, se puede utilizar un nombre de archivo como /..\\..\\webapps\\shell.war para cargar un archivo en un servidor Tomcat en Windows, que luego se guarda como ..\\..\\webapps\\shell.war. en su directorio webapps y luego se puede ejecutar.\n"
}
],
"metrics": {

8
CVE-2023/CVE-2023-51xx/CVE-2023-5104.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5104",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-21T09:15:10.063",
"lastModified": "2023-09-21T09:15:10.063",
"vulnStatus": "Received",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0."
},
{
"lang": "es",
"value": "Validaci\u00f3n de Entrada Incorrecta en el repositorio de GitHub nocodb/nocodb anterior a 0.96.0."
}
],
"metrics": {

44
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-21T12:00:24.906452+00:00
2023-09-21T14:00:24.162549+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-21T10:15:09.597000+00:00
2023-09-21T13:57:40.153000+00:00
```
### Last Data Feed Release
@ -29,20 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225981
225989
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `8`
* [CVE-2023-4753](CVE-2023/CVE-2023-47xx/CVE-2023-4753.json) (`2023-09-21T10:15:09.597`)
* [CVE-2023-43235](CVE-2023/CVE-2023-432xx/CVE-2023-43235.json) (`2023-09-21T13:15:09.917`)
* [CVE-2023-43236](CVE-2023/CVE-2023-432xx/CVE-2023-43236.json) (`2023-09-21T13:15:10.127`)
* [CVE-2023-43237](CVE-2023/CVE-2023-432xx/CVE-2023-43237.json) (`2023-09-21T13:15:10.253`)
* [CVE-2023-43238](CVE-2023/CVE-2023-432xx/CVE-2023-43238.json) (`2023-09-21T13:15:10.353`)
* [CVE-2023-43239](CVE-2023/CVE-2023-432xx/CVE-2023-43239.json) (`2023-09-21T13:15:10.470`)
* [CVE-2023-43240](CVE-2023/CVE-2023-432xx/CVE-2023-43240.json) (`2023-09-21T13:15:10.583`)
* [CVE-2023-43241](CVE-2023/CVE-2023-432xx/CVE-2023-43241.json) (`2023-09-21T13:15:10.680`)
* [CVE-2023-43242](CVE-2023/CVE-2023-432xx/CVE-2023-43242.json) (`2023-09-21T13:15:10.797`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `28`
* [CVE-2020-24089](CVE-2020/CVE-2020-240xx/CVE-2020-24089.json) (`2023-09-21T13:21:26.303`)
* [CVE-2021-28485](CVE-2021/CVE-2021-284xx/CVE-2021-28485.json) (`2023-09-21T12:51:08.870`)
* [CVE-2023-39252](CVE-2023/CVE-2023-392xx/CVE-2023-39252.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-43669](CVE-2023/CVE-2023-436xx/CVE-2023-43669.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-4152](CVE-2023/CVE-2023-41xx/CVE-2023-4152.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-4291](CVE-2023/CVE-2023-42xx/CVE-2023-4291.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-4292](CVE-2023/CVE-2023-42xx/CVE-2023-4292.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-4760](CVE-2023/CVE-2023-47xx/CVE-2023-4760.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-5104](CVE-2023/CVE-2023-51xx/CVE-2023-5104.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-4753](CVE-2023/CVE-2023-47xx/CVE-2023-4753.json) (`2023-09-21T12:04:56.487`)
* [CVE-2023-4376](CVE-2023/CVE-2023-43xx/CVE-2023-4376.json) (`2023-09-21T13:13:15.213`)
* [CVE-2023-2995](CVE-2023/CVE-2023-29xx/CVE-2023-2995.json) (`2023-09-21T13:13:26.580`)
* [CVE-2023-4092](CVE-2023/CVE-2023-40xx/CVE-2023-4092.json) (`2023-09-21T13:13:44.877`)
* [CVE-2023-31808](CVE-2023/CVE-2023-318xx/CVE-2023-31808.json) (`2023-09-21T13:14:26.737`)
* [CVE-2023-41179](CVE-2023/CVE-2023-411xx/CVE-2023-41179.json) (`2023-09-21T13:15:09.647`)
* [CVE-2023-4093](CVE-2023/CVE-2023-40xx/CVE-2023-4093.json) (`2023-09-21T13:16:30.663`)
* [CVE-2023-4095](CVE-2023/CVE-2023-40xx/CVE-2023-4095.json) (`2023-09-21T13:18:03.597`)
* [CVE-2023-39575](CVE-2023/CVE-2023-395xx/CVE-2023-39575.json) (`2023-09-21T13:19:01.857`)
* [CVE-2023-36319](CVE-2023/CVE-2023-363xx/CVE-2023-36319.json) (`2023-09-21T13:20:09.453`)
* [CVE-2023-41030](CVE-2023/CVE-2023-410xx/CVE-2023-41030.json) (`2023-09-21T13:22:58.060`)
* [CVE-2023-43371](CVE-2023/CVE-2023-433xx/CVE-2023-43371.json) (`2023-09-21T13:23:28.350`)
* [CVE-2023-41043](CVE-2023/CVE-2023-410xx/CVE-2023-41043.json) (`2023-09-21T13:25:55.310`)
* [CVE-2023-41042](CVE-2023/CVE-2023-410xx/CVE-2023-41042.json) (`2023-09-21T13:28:21.903`)
* [CVE-2023-40588](CVE-2023/CVE-2023-405xx/CVE-2023-40588.json) (`2023-09-21T13:39:51.940`)
* [CVE-2023-36472](CVE-2023/CVE-2023-364xx/CVE-2023-36472.json) (`2023-09-21T13:57:40.153`)
## Download and Usage