Auto-Update: 2023-09-21T18:00:25.216347+00:00

cad-safe-bot 2023-09-21 18:00:28 +00:00
parent e44cb214e0
commit 21e7da0caa
43 changed files with 1346 additions and 130 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-22483",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2022-09-13T21:15:09.107",
"lastModified": "2022-09-16T02:55:46.327",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:09.930",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -67,7 +67,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-269"
}
]
}
@ -200,6 +200,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0004/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6618779",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2022-33894",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:12.630",
"lastModified": "2023-05-18T20:31:56.390",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:10.730",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -7440,6 +7440,10 @@
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0002/",
"source": "secure@intel.com"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html",
"source": "secure@intel.com",


@ -2,8 +2,8 @@
"id": "CVE-2022-35637",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2022-09-13T21:15:09.303",
"lastModified": "2022-09-16T02:57:29.760",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:14.740",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -170,6 +170,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0003/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6618775",
"source": "psirt@us.ibm.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-1409",
"sourceIdentifier": "cna@mongodb.com",
"published": "2023-08-23T16:15:08.167",
"lastModified": "2023-08-29T16:55:10.423",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:15.390",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -151,6 +151,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0007/",
"source": "cna@mongodb.com"
}
]
}


@ -2,23 +2,115 @@
"id": "CVE-2023-34195",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T13:15:08.487",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:22:14.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en SystemFirmwareManagementRuntimeDxe en Insyde InsydeH2O con kernel 5.0 a 5.5. La implementaci\u00f3n del m\u00e9todo GetImage recupera el valor de una variable de tiempo de ejecuci\u00f3n denominada GetImageProgress y luego usa este valor como puntero de funci\u00f3n. Esta variable es eliminada por el mismo m\u00f3dulo cerca del final de la funci\u00f3n. Al configurar esta variable UEFI desde el sistema operativo para que apunte a un c\u00f3digo personalizado, un atacante podr\u00eda lograr la ejecuci\u00f3n de c\u00f3digo arbitrario en la fase DXE, antes de que se establezcan varios bloqueos de chipset."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.2.05.28.22",
"matchCriteriaId": "8E141D75-CFA2-4550-9265-6483350453AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.3.05.37.22",
"matchCriteriaId": "F7880FEA-8403-4446-90EB-5677DF675B71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.05.45.22",
"matchCriteriaId": "6AB0F0E0-CB23-40C9-8041-CA7F33A5EFBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.5.05.53.22",
"matchCriteriaId": "565CDEE5-E032-467C-8A31-371BB7D9EC4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.6.05.60.22",
"matchCriteriaId": "5D1C9957-E2FF-4AFA-BE7A-05D0F866DFB1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.insyde.com/security-pledge",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.insyde.com/security-pledge/SA-2023052",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-34577",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T17:15:16.050",
"lastModified": "2023-09-21T17:15:16.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/19/opartplannedpopup.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35011",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-16T23:15:10.297",
"lastModified": "2023-08-22T18:41:57.707",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:16.340",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -171,6 +171,10 @@
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0005/",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7026692",
"source": "psirt@us.ibm.com",


@ -2,19 +2,43 @@
"id": "CVE-2023-38557",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-09-14T11:15:07.497",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T16:12:01.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Spectrum Power 7 (todas las versiones "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23q3",
"matchCriteriaId": "E631F839-C97E-4226-B863-E30045654EA1"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-357182.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40019",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.637",
"lastModified": "2023-09-17T12:01:22.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:59:10.547",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue."
},
{
"lang": "es",
"value": "FreeSWITCH es una pila de telecomunicaciones definida por software que permite la transformaci\u00f3n digital de switches de telecomunicaciones propietarios a una implementaci\u00f3n de software que se ejecuta en cualquier hardware b\u00e1sico. Antes de la versi\u00f3n 1.10.10, FreeSWITCH permit\u00eda a los usuarios autorizados provocar un ataque de denegaci\u00f3n de servicio enviando un nuevo INVITE con SDP que conten\u00eda nombres de c\u00f3dec duplicados. Cuando una llamada en FreeSWITCH completa la negociaci\u00f3n del c\u00f3dec, la variable de canal `codec_string` se configura con el resultado de la negociaci\u00f3n. En una renegociaci\u00f3n posterior, si se ofrece un SDP que contiene c\u00f3decs con los mismos nombres pero con diferentes formatos, es posible que FreeSWITCH detecte demasiadas coincidencias de c\u00f3decs, lo que provocar\u00e1 desbordamientos de sus matrices internas. Al abusar de esta vulnerabilidad, un atacante puede corromper la pila de FreeSWITCH, lo que provoca un comportamiento indefinido del sistema o simplemente bloquearlo. La versi\u00f3n 1.10.10 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10.10",
"matchCriteriaId": "5FBCE979-CA36-45E2-B9DE-11B260D2AB19"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-40183",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.197",
"lastModified": "2023-09-21T15:15:10.197",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds."
},
{
"lang": "es",
"value": "DataEase es una herramienta de an\u00e1lisis y visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.18.11, DataEase ten\u00eda una vulnerabilidad que permit\u00eda a un atacante obtener cookies de usuario. El programa s\u00f3lo utiliza el m\u00e9todo `ImageIO.read()` para determinar si el archivo es un archivo de imagen o no. No existe ninguna restricci\u00f3n de inclusi\u00f3n en la lista blanca de sufijos de archivos. Esto permite al atacante sintetizar el c\u00f3digo de ataque en una imagen para cargarla y cambiar la extensi\u00f3n del archivo a html. El atacante puede robar las cookies del usuario accediendo a enlaces. La vulnerabilidad se ha solucionado en v1.18.11. No se conocen soluciones alternativas."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-41048",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.667",
"lastModified": "2023-09-21T15:15:10.667",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds."
},
{
"lang": "es",
"value": "plone.namedfile permite a los usuarios manejar los campos `File` e `Image` dirigidos, pero no dependiendo del contenido de Plone Dexterity. Antes de las versiones 5.6.1, 6.0.3, 6.1.3 y 6.2.1, existe una vulnerabilidad de Stored Cross-Site Scripting para im\u00e1genes SVG. Una revisi\u00f3n de seguridad de 2021 ya solucion\u00f3 parcialmente este problema al garantizar que las im\u00e1genes SVG siempre se descarguen en lugar de mostrarse en l\u00ednea. Pero el mismo problema todav\u00eda existe para las escalas de im\u00e1genes SVG. Tenga en cuenta que una etiqueta de imagen con una imagen SVG como fuente no es vulnerable, incluso cuando la imagen SVG contiene c\u00f3digo malicioso. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que cargar una imagen y luego enga\u00f1ar al usuario para que siga un enlace especialmente manipulado. Los parches est\u00e1n disponibles en las versiones 5.6.1 (para Plone 5.2), 6.0.3 (para Plone 6.0.0-6.0.4), 6.1.3 (para Plone 6.0.5-6.0.6) y 6.2.1 (para Pl\u00f3n 6.0.7). No se conocen workarounds."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-41080",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-25T21:15:09.397",
"lastModified": "2023-08-31T17:05:13.283",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:21.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -138,6 +138,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0006/",
"source": "security@apache.org"
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-41595",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T16:15:45.577",
"lastModified": "2023-09-18T18:23:59.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:31:59.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password."
},
{
"lang": "es",
"value": "Un problema en xui-xray v1.8.3 permite a las atacantes obtener informaci\u00f3n sensible a trav\u00e9s de la contrase\u00f1a predeterminada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaxilu:x-ui:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21976C47-CB47-4E98-8014-1650AB4E3AC8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://xui-xray.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Not Applicable"
]
},
{
"url": "https://github.com/dubin12345/xui-xary/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/vaxilu/x-ui",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41880",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:11.017",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T16:17:54.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result.\n\nThis issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless.\n\nThis issue was discovered through fuzzing of Wasmtime's code generator Cranelift.\n\nWasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability."
},
{
"lang": "es",
"value": "Wasmtime es un standalone en tiempo de ejecuci\u00f3n para WebAssembly. Las versiones de Wasmtime desde 10.0.0 hasta las versiones 10.02, 11.0.2 y 12.0.1 contienen una mala compilaci\u00f3n de la instrucci\u00f3n WebAssembly `i64x2.shr_s` en plataformas x86_64 cuando la cantidad de desplazamiento es un valor constante mayor que 32. Solo x86_64 es afectado por lo que todos los dem\u00e1s objetivos no se ven afectados por esto. La mala compilaci\u00f3n da como resultado que la instrucci\u00f3n produzca un resultado incorrecto, es decir, los 32 bits bajos del segundo carril del vector se derivan de los 32 bits bajos del segundo carril del vector de entrada en lugar de los 32 bits altos. El impacto principal de este problema es que cualquier programa WebAssembly que utilice `i64x2.shr_s` con una cantidad de desplazamiento constante mayor que 32 puede producir un resultado incorrecto. Este problema no es un escape del entorno limitado de WebAssembly. La ejecuci\u00f3n de los programas invitados de WebAssembly seguir\u00e1 comport\u00e1ndose correctamente con respecto al espacio aislado de la memoria y el aislamiento del host. No obstante, Wasmtime considera el comportamiento que no cumple con las especificaciones como un problema de seguridad. Este problema se descubri\u00f3 mediante la confusi\u00f3n del generador de c\u00f3digo Cranelift de Wasmtime. Las versiones 10.0.2, 11.0.2 y 12.0.2 de Wasmtime est\u00e1n parcheadas para que ya no tengan esta mala compilaci\u00f3n. Este problema solo afecta a los hosts x86_64 y la \u00fanica soluci\u00f3n es buscar este patr\u00f3n en los m\u00f3dulos wasm, lo cual no es trivial, o deshabilitar la propuesta SIMD para WebAssembly. Los usuarios anteriores a 10.0.0 no se ven afectados por esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +70,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:x64:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.2",
"matchCriteriaId": "86124D0A-F8ED-4D8C-8DA4-1D1376EAF38A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:x64:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.2",
"matchCriteriaId": "9F0CA660-E2F9-4455-ABF5-41A8B8B67212"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:x64:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.0.2",
"matchCriteriaId": "EE886793-5F3B-492D-817D-79577FE7A8A5"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bytecodealliance/wasmtime/commit/8d7eda15b0badcbea83a7aac2d08f80788b59240",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/bytecodealliance/wasmtime/pull/6372",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh#:~:text=Mailing%20list%20announcement",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-42320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T16:15:45.797",
"lastModified": "2023-09-18T18:23:59.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:37:44.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function."
},
{
"lang": "es",
"value": "La vulnerabilidad de Desbordamiento de B\u00fafer en Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s del par\u00e1metro mac en la funci\u00f3n GetParentControlInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/aixiao0621/Tenda/blob/main/AC10/0.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,94 @@
"id": "CVE-2023-42328",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T16:15:45.943",
"lastModified": "2023-09-18T18:23:59.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:48:17.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie."
},
{
"lang": "es",
"value": "Un problema en PeppermintLabs Peppermint v.0.2.4 y anteriores permite a un atacante remoto obtener informaci\u00f3n sensible y ejecutar c\u00f3digo arbitrario a trav\u00e9s de la cookie de sesi\u00f3n codificada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:peppermint:peppermint:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.2.4",
"matchCriteriaId": "B8FFA273-1A2B-4C79-921A-660D074E15A8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blockomat2100.github.io/posts/2023-09-04-damn-vulnerable-ticket-system/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Peppermint-Lab/peppermint/blob/446a20b870bc68157eaafcb7275c289d76bfb29e/apps/client/pages/api/auth/%5B...nextauth%5D.js#L65",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://peppermint.sh/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-42371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T15:15:46.870",
"lastModified": "2023-09-18T18:23:59.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:26:09.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting en Summernote Rich Text Editor v.0.8.18 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n de inserci\u00f3n de enlace en el componente del editor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:summernote:rich_text_editor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.8.18",
"matchCriteriaId": "0EA6AE3D-A92D-4633-9C45-CD4E4CA9B6A8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://hacker.soarescorp.com/cve/2023-42371/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://summernote.org/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-42387",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T15:15:47.033",
"lastModified": "2023-09-18T18:23:59.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:29:49.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php."
},
{
"lang": "es",
"value": "Un problema en la plataforma de administraci\u00f3n TDSQL Chitu v.10.3.19.5.0 permite que un atacante remoto obtenga informaci\u00f3n sensible a trav\u00e9s de la funci\u00f3n get_db_info en install.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tdsql_chitu_project:tdsql_chitu:10.3.19.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E0F88A-39F1-4D15-9C02-3BCDAE84938C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ranhn/TDSQL",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ranhn/TDSQL.git",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-42456",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T16:15:09.980",
"lastModified": "2023-09-21T16:15:09.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user).\n\nAn issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system.\n\nAn attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.\n\nThe issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. 
It also fully eliminates any possibility of path traversal, given that uids are always integer values.\n\nThe `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue."
},
{
"lang": "es",
"value": "Sudo-rs, una implementaci\u00f3n segura de memoria de sudo y su, permite a los usuarios no tener que ingresar autenticaci\u00f3n en cada intento de sudo, sino que solo requiere autenticaci\u00f3n de vez en cuando en cada terminal o grupo de procesos. Solo una vez que haya transcurrido un tiempo de espera configurable, el usuario deber\u00e1 volver a autenticarse. Esta funcionalidad admite un conjunto de archivos de sesi\u00f3n (marcas de tiempo) para cada usuario, almacenados en `/var/run/sudo-rs/ts`. Estos archivos se nombran seg\u00fan el nombre de usuario desde el que se realiza el intento de sudo (el usuario de origen). Se descubri\u00f3 un problema en versiones anteriores a la 0.2.1 donde los nombres de usuario que conten\u00edan los caracteres `.` y `/` pod\u00edan provocar la corrupci\u00f3n de archivos espec\u00edficos en el sistema de archivos. Como los nombres de usuario generalmente no est\u00e1n limitados por los caracteres que pueden contener, se puede construir un nombre de usuario que parezca un Path Traversal. Por ejemplo, podr\u00edamos agregar un usuario al sistema que contenga el nombre de usuario `../../../../bin/cp`. Cuando iniciaba sesi\u00f3n como usuario con ese nombre, ese usuario pod\u00eda ejecutar `sudo -K` para borrar su archivo de registro de sesi\u00f3n. Luego, el c\u00f3digo de sesi\u00f3n construye la ruta al archivo de sesi\u00f3n concatenando el nombre de usuario al directorio de almacenamiento del archivo de sesi\u00f3n, lo que da como resultado una ruta resuelta de `/bin/cp`. Luego, el c\u00f3digo borra ese archivo, lo que da como resultado que el binario `cp` se elimine efectivamente del sistema. Un atacante debe poder iniciar sesi\u00f3n como usuario con un nombre de usuario construido. Dado que es poco probable que dicho nombre de usuario exista en un sistema existente, tambi\u00e9n deber\u00e1n poder crear usuarios con los nombres de usuario creados. 
El problema se solucion\u00f3 en la versi\u00f3n 0.2.1 de sudo-rs. Sudo-rs ahora usa el uid del usuario en lugar de su nombre de usuario para determinar el nombre del archivo. Tenga en cuenta que una actualizaci\u00f3n a esta versi\u00f3n har\u00e1 que se ignoren los archivos de sesi\u00f3n existentes y los usuarios se ver\u00e1n obligados a volver a autenticarse. Tambi\u00e9n elimina por completo cualquier posibilidad de Path Traversal, dado que los uids son siempre valores enteros. Los comandos `sudo -K` y `sudo -k` se pueden ejecutar, incluso si un usuario no tiene acceso a sudo. Como workaround, aseg\u00farese de que su sistema no contenga ning\u00fan usuario con un nombre de usuario especialmente manipulado. Si bien este es el caso y aunque los usuarios que no son de confianza no tienen la capacidad de crear usuarios arbitrarios en el sistema, no se deber\u00eda poder explotar este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354",
"source": "security-advisories@github.com"
}
]
}
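Review bot: The `es` description in this new record translates "a username appearing to be a relative path" as `un nombre de usuario que parezca un Path Traversal`, which names the weakness class where the English text describes the shape of the username. Proposed wording for that clause: `se puede construir un nombre de usuario que parezca una ruta relativa`. The same value turns "Supporting this functionality is a set of session files" into `Esta funcionalidad admite un conjunto de archivos de sesión`, which reverses the relationship; `Esta funcionalidad se apoya en un conjunto de archivos de sesión` keeps the original meaning. Until the translation is corrected, consumers that display the Spanish text should treat the `en` value as the authoritative one.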


@ -2,12 +2,16 @@
"id": "CVE-2023-42457",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.943",
"lastModified": "2023-09-21T15:15:10.943",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache).\n"
},
{
"lang": "es",
"value": "plone.rest permite a los usuarios utilizar verbos HTTP como GET, POST, PUT, DELETE, etc. en Plone. A partir de la rama 2.x y antes de las versiones 2.0.1 y 3.0.1, cuando el recorridor `++api++` se usa accidentalmente varias veces en una URL, su manejo lleva cada vez m\u00e1s tiempo, lo que hace que el servidor responda menos. Los parches est\u00e1n disponibles en `plone.rest` 2.0.1 y 3.0.1. La serie 1.x no se ve afectada. Como workaround, se puede redirigir `/++api++/++api++` a `/++api++` en el servidor web frontend (nginx, Apache)."
}
],
"metrics": {


@ -0,0 +1,67 @@
{
"id": "CVE-2023-42458",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:22.483",
"lastModified": "2023-09-21T17:15:22.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-42805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.353",
"lastModified": "2023-09-21T17:15:23.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/quinn-rs/quinn/pull/1667",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1668",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1669",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-42806",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.583",
"lastModified": "2023-09-21T17:15:23.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-42807",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.950",
"lastModified": "2023-09-21T17:15:23.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43115",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T08:15:07.380",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T16:27:00.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el par\u00e1metro IjsServer, despu\u00e9s de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una l\u00ednea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.01.2",
"matchCriteriaId": "E6D70C21-E523-4DC9-AB91-E44E17296341"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707051",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://ghostscript.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-43235",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:09.917",
"lastModified": "2023-09-21T13:15:09.917",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G v1.0.2B05 conten\u00eda un Desbordamiento del B\u00fafer mediante los par\u00e1metros StartTime y EndTime en SetWifiDownSettings."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43236",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.127",
"lastModified": "2023-09-21T13:15:10.127",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer a trav\u00e9s del par\u00e1metro statuscheckpppoeuser en dir_setWanWifi."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43237",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.253",
"lastModified": "2023-09-21T13:15:10.253",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro macCloneMac en setMAC."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43238",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.353",
"lastModified": "2023-09-21T13:15:10.353",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro nvmacaddr en form2Dhcpip.cgi."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.470",
"lastModified": "2023-09-21T13:15:10.470",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer a trav\u00e9s del par\u00e1metro flag_5G en showMACfilterMAC."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43240",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.583",
"lastModified": "2023-09-21T13:15:10.583",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer a trav\u00e9s del par\u00e1metro sip_address en ipportFilter."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43241",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.680",
"lastModified": "2023-09-21T13:15:10.680",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G v1.0.2B05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro TXPower y GuardInt en SetWLanRadioSecurity."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43242",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.797",
"lastModified": "2023-09-21T13:15:10.797",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro removeRuleList en form2IPQoSTcDel."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43274",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T14:15:10.003",
"lastModified": "2023-09-21T14:15:10.003",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter."
},
{
"lang": "es",
"value": "Phpjabbers PHP Shopping Cart 4.2 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-43309",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T14:15:10.750",
"lastModified": "2023-09-21T14:15:10.750",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de Stored Cross-Site Scripting (XSS) en Webmin 2.002 y versiones anteriores a trav\u00e9s del archivo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado."
}
],
"metrics": {},
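Review bot: The added `es` value renders "Input field" as `archivo Cluster Cron Job tab Input` ("file"), so the Spanish text points at a file rather than at the form field that receives the payload. Proposed wording: `a través del campo de entrada de la pestaña Cluster Cron Job`. Within this hunk `"metrics": {}` is still empty, so the description is the main triage signal a reader has and the injection point should read the same in both languages.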


@ -2,12 +2,16 @@
"id": "CVE-2023-43631",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:10.870",
"lastModified": "2023-09-21T14:15:10.870",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nOn boot, the Pillar eve container checks for the existence and content of\n\u201c/config/authorized_keys\u201d.\n\nIf the file is present, and contains a supported public key, the container will go on to open\nport 22 and enable sshd with the given keys as the authorized keys for root login.\n\nAn attacker could easily add their own keys and gain full control over the system without\ntriggering the \u201cmeasured boot\u201d mechanism implemented by EVE OS, and without marking\nthe device as \u201cUUD\u201d (\u201cUnknown Update Detected\u201d).\n\nThis is because the \u201c/config\u201d partition is not protected by \u201cmeasured boot\u201d, it is mutable, and\nit is not encrypted in any way.\n\n\n\n\nAn attacker can gain full control over the device without changing the PCR values, thus not\ntriggering the \u201cmeasured boot\u201d mechanism, and having full access to the vault.\n\n\n\nNote:\n\nThis issue was partially fixed in these commits (after disclosure to Zededa), where the config\npartition measurement was added to PCR13:\n\n\u2022 aa3501d6c57206ced222c33aea15a9169d629141\n\n\u2022 5fef4d92e75838cc78010edaed5247dfbdae1889.\n\nThis issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot."
},
{
"lang": "es",
"value": "Al arrancar, el contenedor Pillar eve comprueba la existencia y el contenido de \u201c/config/authorized_keys\u201d. Si el archivo est\u00e1 presente y contiene una clave p\u00fablica compatible, el contenedor abrir\u00e1 el puerto 22 y habilitar\u00e1 sshd con las claves proporcionadas como claves autorizadas para el inicio de sesi\u00f3n de root. Un atacante podr\u00eda agregar f\u00e1cilmente sus propias claves y obtener control total sobre el sistema sin activar el mecanismo de \"\"measured boot\"\" implementado por EVE OS y sin marcar el dispositivo como \"\"UUD\"\" (\"\"Actualizaci\u00f3n Desconocida Detectada\"\"). Esto se debe a que la partici\u00f3n \u201c/config\u201d no est\u00e1 protegida por \u201cmeasured boot\u201d, es mutable y no est\u00e1 cifrada de ninguna manera. Un atacante puede obtener control total sobre el dispositivo sin cambiar los valores de PCR, por lo que no activar\u00e1 el mecanismo de \"\"measured boot\"\" y tendr\u00e1 acceso completo a \"\"vault\"\". Nota: Este problema se solucion\u00f3 parcialmente en estos commits (despu\u00e9s de la divulgaci\u00f3n a Zededa), donde la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n se agreg\u00f3 a PCR13:\n\u2022 aa3501d6c57206ced222c33aea15a9169d629141 \n\u2022 5fef4d92e75838cc78010edaed5247dfbdae1889. \nEste problema se hizo viable en la versi\u00f3n 9.0.0 cuando el c\u00e1lculo se traslad\u00f3 a PCR14, pero no se incluy\u00f3 en el \"\"measured boot\"\"."
}
],
"metrics": {
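Review bot: The added `es` value contains doubled escaped quotes (`\"\"measured boot\"\"`, `\"\"UUD\"\"`, `\"\"vault\"\"`) where the `en` value uses `\u201c…\u201d`, and it mixes both quoting styles inside the same string. This looks like CSV-style quote doubling leaking through the translation step, though the pipeline is not visible here. Each pair should collapse to a single quote, e.g. `\"measured boot\"`, so that the decoded text does not show `""measured boot""`. The same doubling appears in the `es` values added for CVE-2023-43632 and CVE-2023-43633.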


@ -2,12 +2,16 @@
"id": "CVE-2023-43632",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.157",
"lastModified": "2023-09-21T14:15:11.157",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAs noted in the \u201cVTPM.md\u201d file in the eve documentation, \u201cVTPM is a server listening on port\n8877 in EVE, exposing limited functionality of the TPM to the clients. \nVTPM allows clients to\nexecute tpm2-tools binaries from a list of hardcoded options\u201d\nThe communication with this server is done using protobuf, and the data is comprised of 2\nparts:\n\n1. Header\n\n2. Data\n\nWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header,\nand these 4 bytes would be parsed as uint32 size of the actual data to come.\n\nThen, in the function \u201chandleRequest\u201d this size is then used in order to allocate a payload on\nthe stack for the incoming data.\n\nAs this payload is allocated on the stack, this will allow overflowing the stack size allocated for\nthe relevant process with freely controlled data.\n\n* An attacker can crash the system. \n* An attacker can gain control over the system, specifically on the \u201cvtpm_server\u201d process\nwhich has very high privileges.\n\n\n"
},
{
"lang": "es",
"value": "Como se indica en el archivo \u201cVTPM.md\u201d en la documentaci\u00f3n de eve, \u201cVTPM es un servidor que escucha en el puerto 8877 en EVE, lo que expone la funcionalidad limitada del TPM a los clientes. VTPM permite a los clientes ejecutar binarios de tpm2-tools a partir de una lista de opciones codificadas. La comunicaci\u00f3n con este servidor se realiza mediante protobuf y los datos se componen de 2 partes: 1. Encabezado 2. Datos Cuando se realiza una conexi\u00f3n, el servidor esperando 4 bytes de datos, que ser\u00e1n el encabezado, y estos 4 bytes se analizar\u00e1n como el tama\u00f1o uint32 de los datos reales siguientes. Luego, en la funci\u00f3n \"\"handleRequest\"\", este tama\u00f1o se usa para asignar un payload en memoria para los datos entrantes. A medida que este payload se asigna en la memoria, esto permitir\u00e1 desbordar el tama\u00f1o asignado para el proceso relevante con datos libremente controlados. \n* Un atacante puede bloquear el sistema. \n* Un atacante puede obtener control sobre el sistema, espec\u00edficamente sobre el proceso \"\"vtpm_server\"\", que tiene privilegios muy altos."
}
],
"metrics": {
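Review bot: The added `es` value translates "allocate a payload on the stack" as `asignar un payload en memoria` and "overflowing the stack size allocated" as `desbordar el tamaño asignado`, which drops the fact that the peer-supplied uint32 length sizes a stack allocation. Proposed wording: `asignar un payload en la pila` and `desbordar el tamaño de pila asignado`. The quotation opened at `\u201cVTPM es un servidor` is never closed in the Spanish text, whereas the `en` value closes it after "hardcoded options". A closing `\u201d` after `opciones codificadas` would restore the boundary between the quoted documentation and the finding.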


@ -2,12 +2,16 @@
"id": "CVE-2023-43633",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.330",
"lastModified": "2023-09-21T14:15:11.330",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nOn boot, the Pillar eve container checks for the existence and content of\n\u201c/config/GlobalConfig/global.json\u201d.\n\nIf the file exists, it overrides the existing configuration on the device on boot.\n\nThis allows an attacker to change the system\u2019s configuration, which also includes some\ndebug functions.\n\nThis could be used to unlock the ssh with custom \u201cauthorized_keys\u201d via the\n\u201cdebug.enable.ssh\u201d key, similar to the \u201cauthorized_keys\u201d finding that was noted before.\n\nOther usages include unlocking the usb to enable the keyboard via the \u201cdebug.enable.usb\u201d\nkey, allowing VNC access via the \u201capp.allow.vnc\u201d key, and more.\n\nAn attacker could easily enable these debug functionalities without triggering the \u201cmeasured\nboot\u201d mechanism implemented by EVE OS, and without marking the device as \u201cUUD\u201d\n(\u201cUnknown Update Detected\u201d).\nThis is because the \u201c/config\u201d partition is not protected by \u201cmeasured boot\u201d, it is mutable and it\nis not encrypted in any way.\n\n\n\n\n\nAn attacker can gain full control over the device without changing the PCR values, thereby not\ntriggering the \u201cmeasured boot\u201d mechanism, and having full access to the vault.\n\n\n\n\nNote:\n\nThis issue was partially fixed in these commits (after disclosure to Zededa), where the config\npartition measurement was added to PCR13:\n\n\u2022 aa3501d6c57206ced222c33aea15a9169d629141\n\n\u2022 5fef4d92e75838cc78010edaed5247dfbdae1889.\n\nThis issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot."
},
{
"lang": "es",
"value": "Al arrancar, el contenedor Pillar eve comprueba la existencia y el contenido de \u201c/config/GlobalConfig/global.json\u201d. Si el archivo existe, anula la configuraci\u00f3n existente en el dispositivo al arrancar. Esto permite a un atacante cambiar la configuraci\u00f3n del sistema, que tambi\u00e9n incluye algunas funciones de depuraci\u00f3n. Esto podr\u00eda usarse para desbloquear el ssh con \u201cclaves_autorizadas\u201d personalizadas a trav\u00e9s de la clave \u201cdebug.enable.ssh\u201d, similar al hallazgo de \u201cclaves_autorizadas\u201d que se se\u00f1al\u00f3 anteriormente. Otros usos incluyen desbloquear el USB para habilitar el teclado mediante la tecla \"\"debug.enable.usb\"\", permitir el acceso a VNC mediante la tecla \"\"app.allow.vnc\"\" y m\u00e1s. Un atacante podr\u00eda habilitar f\u00e1cilmente estas funcionalidades de depuraci\u00f3n sin activar el mecanismo de \"\"measured boot\"\" implementado por EVE OS y sin marcar el dispositivo como \"\"UUD\"\" (\"\"Actualizaci\u00f3n desconocida detectada\"\"). Esto se debe a que la partici\u00f3n \u201c/config\u201d no est\u00e1 protegida por \u201cmeasured boot\u201d, es mutable y no est\u00e1 cifrada de ninguna manera. Un atacante puede obtener control total sobre el dispositivo sin cambiar los valores de PCR, por lo que no activar\u00e1 el mecanismo de \"\"measured boot\"\" y tendr\u00e1 acceso completo a \"\"vault\"\". Nota: Este problema se solucion\u00f3 parcialmente en estos commits (despu\u00e9s de la divulgaci\u00f3n a Zededa), donde la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n se agreg\u00f3 a PCR13: \n\u2022 aa3501d6c57206ced222c33aea15a9169d629141 \n\u2022 5fef4d92e75838cc78010edaed5247dfbdae1889. \nEste problema se hizo viable en la versi\u00f3n 9.0.0 cuando el c\u00e1lculo se traslad\u00f3 a PCR14, pero no se incluy\u00f3 en el \"\"measured boot\"\"."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43634",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.477",
"lastModified": "2023-09-21T14:15:11.477",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nWhen sealing/unsealing the \u201cvault\u201d key, a list of PCRs is used, which defines which PCRs\nare used.\n\nIn a previous project, CYMOTIVE found that the configuration is not protected by the secure\nboot, and in response Zededa implemented measurements on the config partition that was\nmapped to PCR 13.\n\nIn that process, PCR 13 was added to the list of PCRs that seal/unseal the key.\n\nIn commit \u201c56e589749c6ff58ded862d39535d43253b249acf\u201d, the config partition\nmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of\nPCRs that seal/unseal the key.\n\nThis change makes the measurement of PCR 14 effectively redundant as it would not affect\nthe sealing/unsealing of the key.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted \u201cvault\u201d\n\n\n\n\n"
},
{
"lang": "es",
"value": "Al sellar/abrir la clave de \u201cvault\u201d, se utiliza una lista de PCRs, que define qu\u00e9 PCRs se utilizan. En un proyecto anterior, CYMOTIVE descubri\u00f3 que la configuraci\u00f3n no est\u00e1 protegida por el arranque seguro y, en respuesta, Zededa implement\u00f3 medidas en la partici\u00f3n de configuraci\u00f3n que estaba asignada a PCR 13. En ese proceso, PCR 13 se agreg\u00f3 a la lista de PCRs que sellan /abrir la llave. En la confirmaci\u00f3n \u201c56e589749c6ff58ded862d39535d43253b249acf\u201d, la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n pas\u00f3 de PCR 13 a PCR 14, pero PCR 14 no se agreg\u00f3 a la lista de PCR que sellan/abren la clave. Este cambio hace que la medici\u00f3n de PCR 14 sea efectivamente redundante ya que no afectar\u00eda el sellado/abrir de la llave. Un atacante podr\u00eda modificar la partici\u00f3n de configuraci\u00f3n sin activar el arranque medido, lo que podr\u00eda dar como resultado que el atacante obtenga control total sobre el dispositivo con acceso completo al contenido de la \"vault\" cifrada.\n"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-43637",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.643",
"lastModified": "2023-09-21T14:15:11.643",
"vulnStatus": "Received",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDue to the implementation of \"deriveVaultKey\", prior to version 7.10, the generated vault key\nwould always have the last 16 bytes predetermined to be \"arfoobarfoobarfo\".\n\nThis issue happens because \"deriveVaultKey\" calls \"retrieveCloudKey\" (which will always\nreturn \"foobarfoobarfoobarfoobarfoobarfo\" as the key), and then merges the 32byte\nrandomly generated key with this key (by takeing 16bytes from each, see \"mergeKeys\").\n\nThis makes the key a lot weaker.\n\nThis issue does not persist in devices that were initialized on/after version 7.10, but devices\nthat were initialized before that and updated to a newer version still have this issue.\n\n\n\nRoll an update that enforces the full 32bytes key usage.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Debido a la implementaci\u00f3n de \"deriveVaultKey\", antes de la versi\u00f3n 7.10, la clave de almac\u00e9n generada siempre tendr\u00eda los \u00faltimos 16 bytes predeterminados como \"arfoobarfoobarfo\". Este problema ocurre porque \"deriveVaultKey\" llama a \"retrieveCloudKey\" (que siempre devolver\u00e1 \"foobarfoobarfoobarfoobarfoobarfo\" como clave) y luego fusiona la clave de 32 bytes generada aleatoriamente con esta clave (tomando 16 bytes de cada una, consulte \"mergeKeys\"). Esto debilita mucho la clave. Este problema no persiste en los dispositivos que se inicializaron en la versi\u00f3n 7.10 o posteriores, pero los dispositivos que se inicializaron antes y se actualizaron a una versi\u00f3n m\u00e1s reciente a\u00fan tienen este problema. Implemente una actualizaci\u00f3n que imponga el uso completo de la clave de 32 bytes."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-09-18T18:23:59.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-21T17:55:12.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +54,72 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.39",
"matchCriteriaId": "9B07E72A-FA10-49C2-BBE3-468AF836A462"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4527",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234712",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-4807",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-09-08T12:15:08.043",
"lastModified": "2023-09-14T16:43:57.203",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-21T17:15:24.233",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. 
However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: la implementaci\u00f3n POLY1305 MAC (c\u00f3digo de autenticaci\u00f3n de mensajes) contiene un error que podr\u00eda da\u00f1ar el estado interno de las aplicaciones en la plataforma Windows 64 cuando se ejecutan en procesadores X86_64 m\u00e1s nuevos que admiten las instrucciones AVX512-IFMA. Resumen del impacto: si en una aplicaci\u00f3n que usa la librer\u00eda OpenSSL un atacante puede influir en si se usa el algoritmo MAC POLY1305, el estado de la aplicaci\u00f3n podr\u00eda corromperse con varias consecuencias dependientes de la aplicaci\u00f3n. La implementaci\u00f3n POLY1305 MAC (c\u00f3digo de autenticaci\u00f3n de mensajes) en OpenSSL no guarda el contenido de los registros XMM no vol\u00e1tiles en la plataforma Windows 64 al calcular la MAC de datos de m\u00e1s de 64 bytes. Antes de regresar a la persona que llama, todos los registros XMM se establecen en cero en lugar de restaurar su contenido anterior. El c\u00f3digo vulnerable se utiliza s\u00f3lo en procesadores x86_64 m\u00e1s nuevos que admiten las instrucciones AVX512-IFMA. Las consecuencias de este tipo de corrupci\u00f3n del estado de la aplicaci\u00f3n interna pueden ser diversas: desde ninguna consecuencia, si la aplicaci\u00f3n que llama no depende en absoluto del contenido de los registros XMM no vol\u00e1tiles, hasta las peores consecuencias, donde el atacante podr\u00eda obtener el control total de el proceso de solicitud. Sin embargo, dado que el contenido de los registros simplemente se pone a cero para que el atacante no pueda colocar valores arbitrarios en su interior, la consecuencia m\u00e1s probable, si la hubiera, ser\u00eda un resultado incorrecto de algunos c\u00e1lculos dependientes de la aplicaci\u00f3n o una falla que provocar\u00eda una denegaci\u00f3n de servicio. El algoritmo POLY1305 MAC se utiliza con mayor frecuencia como parte del algoritmo CHACHA20-POLY1305 AEAD (cifrado autenticado con datos asociados). 
El uso m\u00e1s com\u00fan de este cifrado AEAD es con las versiones 1.2 y 1.3 del protocolo TLS y un cliente malicioso puede influir en si el servidor utiliza este cifrado AEAD. Esto implica que las aplicaciones de servidor que utilizan OpenSSL pueden verse potencialmente afectadas. Sin embargo, actualmente no conocemos ninguna aplicaci\u00f3n concreta que pueda verse afectada por este problema, por lo que lo consideramos un problema de seguridad de gravedad Baja. Como workaround, el soporte de instrucciones AVX512-IFMA se puede desactivar en tiempo de ejecuci\u00f3n configurando la variable de entorno OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 El proveedor FIPS no se ve afectado por este problema."
}
],
"metrics": {
@ -104,6 +108,10 @@
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0001/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20230908.txt",
"source": "openssl-security@openssl.org",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-21T16:00:24.349266+00:00
2023-09-21T18:00:25.216347+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-21T15:27:38.020000+00:00
2023-09-21T17:59:10.547000+00:00
```
### Last Data Feed Release
@ -29,37 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225999
226005
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `6`
* [CVE-2023-43274](CVE-2023/CVE-2023-432xx/CVE-2023-43274.json) (`2023-09-21T14:15:10.003`)
* [CVE-2023-43309](CVE-2023/CVE-2023-433xx/CVE-2023-43309.json) (`2023-09-21T14:15:10.750`)
* [CVE-2023-43631](CVE-2023/CVE-2023-436xx/CVE-2023-43631.json) (`2023-09-21T14:15:10.870`)
* [CVE-2023-43632](CVE-2023/CVE-2023-436xx/CVE-2023-43632.json) (`2023-09-21T14:15:11.157`)
* [CVE-2023-43633](CVE-2023/CVE-2023-436xx/CVE-2023-43633.json) (`2023-09-21T14:15:11.330`)
* [CVE-2023-43634](CVE-2023/CVE-2023-436xx/CVE-2023-43634.json) (`2023-09-21T14:15:11.477`)
* [CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-09-21T14:15:11.643`)
* [CVE-2023-40183](CVE-2023/CVE-2023-401xx/CVE-2023-40183.json) (`2023-09-21T15:15:10.197`)
* [CVE-2023-41048](CVE-2023/CVE-2023-410xx/CVE-2023-41048.json) (`2023-09-21T15:15:10.667`)
* [CVE-2023-42457](CVE-2023/CVE-2023-424xx/CVE-2023-42457.json) (`2023-09-21T15:15:10.943`)
* [CVE-2023-42456](CVE-2023/CVE-2023-424xx/CVE-2023-42456.json) (`2023-09-21T16:15:09.980`)
* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-21T17:15:16.050`)
* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-21T17:15:22.483`)
* [CVE-2023-42805](CVE-2023/CVE-2023-428xx/CVE-2023-42805.json) (`2023-09-21T17:15:23.353`)
* [CVE-2023-42806](CVE-2023/CVE-2023-428xx/CVE-2023-42806.json) (`2023-09-21T17:15:23.583`)
* [CVE-2023-42807](CVE-2023/CVE-2023-428xx/CVE-2023-42807.json) (`2023-09-21T17:15:23.950`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `36`
* [CVE-2022-20917](CVE-2022/CVE-2022-209xx/CVE-2022-20917.json) (`2023-09-21T14:50:43.977`)
* [CVE-2023-38507](CVE-2023/CVE-2023-385xx/CVE-2023-38507.json) (`2023-09-21T14:09:16.523`)
* [CVE-2023-36562](CVE-2023/CVE-2023-365xx/CVE-2023-36562.json) (`2023-09-21T14:14:05.540`)
* [CVE-2023-36160](CVE-2023/CVE-2023-361xx/CVE-2023-36160.json) (`2023-09-21T14:34:02.547`)
* [CVE-2023-20194](CVE-2023/CVE-2023-201xx/CVE-2023-20194.json) (`2023-09-21T14:42:51.847`)
* [CVE-2023-40018](CVE-2023/CVE-2023-400xx/CVE-2023-40018.json) (`2023-09-21T15:05:34.567`)
* [CVE-2023-32187](CVE-2023/CVE-2023-321xx/CVE-2023-32187.json) (`2023-09-21T15:21:31.567`)
* [CVE-2023-41929](CVE-2023/CVE-2023-419xx/CVE-2023-41929.json) (`2023-09-21T15:27:38.020`)
* [CVE-2023-43274](CVE-2023/CVE-2023-432xx/CVE-2023-43274.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-43309](CVE-2023/CVE-2023-433xx/CVE-2023-43309.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-43631](CVE-2023/CVE-2023-436xx/CVE-2023-43631.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-43632](CVE-2023/CVE-2023-436xx/CVE-2023-43632.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-43633](CVE-2023/CVE-2023-436xx/CVE-2023-43633.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-43634](CVE-2023/CVE-2023-436xx/CVE-2023-43634.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-40183](CVE-2023/CVE-2023-401xx/CVE-2023-40183.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-41048](CVE-2023/CVE-2023-410xx/CVE-2023-41048.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-42457](CVE-2023/CVE-2023-424xx/CVE-2023-42457.json) (`2023-09-21T16:08:49.637`)
* [CVE-2023-38557](CVE-2023/CVE-2023-385xx/CVE-2023-38557.json) (`2023-09-21T16:12:01.620`)
* [CVE-2023-41880](CVE-2023/CVE-2023-418xx/CVE-2023-41880.json) (`2023-09-21T16:17:54.780`)
* [CVE-2023-43115](CVE-2023/CVE-2023-431xx/CVE-2023-43115.json) (`2023-09-21T16:27:00.170`)
* [CVE-2023-1409](CVE-2023/CVE-2023-14xx/CVE-2023-1409.json) (`2023-09-21T17:15:15.390`)
* [CVE-2023-35011](CVE-2023/CVE-2023-350xx/CVE-2023-35011.json) (`2023-09-21T17:15:16.340`)
* [CVE-2023-41080](CVE-2023/CVE-2023-410xx/CVE-2023-41080.json) (`2023-09-21T17:15:21.673`)
* [CVE-2023-4807](CVE-2023/CVE-2023-48xx/CVE-2023-4807.json) (`2023-09-21T17:15:24.233`)
* [CVE-2023-34195](CVE-2023/CVE-2023-341xx/CVE-2023-34195.json) (`2023-09-21T17:22:14.967`)
* [CVE-2023-42371](CVE-2023/CVE-2023-423xx/CVE-2023-42371.json) (`2023-09-21T17:26:09.130`)
* [CVE-2023-42387](CVE-2023/CVE-2023-423xx/CVE-2023-42387.json) (`2023-09-21T17:29:49.900`)
* [CVE-2023-41595](CVE-2023/CVE-2023-415xx/CVE-2023-41595.json) (`2023-09-21T17:31:59.773`)
* [CVE-2023-42320](CVE-2023/CVE-2023-423xx/CVE-2023-42320.json) (`2023-09-21T17:37:44.687`)
* [CVE-2023-42328](CVE-2023/CVE-2023-423xx/CVE-2023-42328.json) (`2023-09-21T17:48:17.520`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-21T17:55:12.113`)
* [CVE-2023-40019](CVE-2023/CVE-2023-400xx/CVE-2023-40019.json) (`2023-09-21T17:59:10.547`)
## Download and Usage