admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-22T04:00:24.432039+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-22 04:00:27 +00:00
parent 569e374954
commit 22de1d47b7
29 changed files with 2041 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
CVE-2023/CVE-2023-21xx/CVE-2023-2163.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2163",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-20T06:15:10.233",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:02:18.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-682"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -50,10 +80,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "6.3",
"matchCriteriaId": "491F7279-0F8E-413F-9D46-FFEBDBF1DAEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DC271202-7570-4505-89A4-D602D47BFD00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D413BB6D-4F74-4C7D-9163-47786619EF53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "F4D613FB-9976-4989-8C4A-567773373CEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "B1240A34-749A-49F5-B8DD-C09441AD2228"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-361xx/CVE-2023-36109.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-36109",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T22:15:12.750",
"lastModified": "2023-09-20T22:23:12.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:12:15.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jerryscript:jerryscript:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB8D818-8F21-4FD3-8D4D-A024A6346CB4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Limesss/CVE-2023-36109/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/jerryscript-project/jerryscript/issues/5080",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-362xx/CVE-2023-36234.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-36234",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T22:15:12.920",
"lastModified": "2023-09-20T22:23:12.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:13:39.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Netbox 3.5.1 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo Name en funciones de dispositivo/funci\u00f3n agregar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netbox_project:netbox:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC83B0FC-B189-4C58-9CD6-E6EB667635A9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gozan10/cve/issues/6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

68
CVE-2023/CVE-2023-409xx/CVE-2023-40930.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-40930",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.687",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:09:30.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Skyworth 3.0 OS is vulnerable to Directory Traversal."
},
{
"lang": "es",
"value": "El sistema operativo Skyworth 3.0 es vulnerable a Directory Traversal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:skyworth:skyworth_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D200A1C-2963-48B4-9874-D2712627D12E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/NSnidie/2af70d58426c4563b2f11171379fdd8c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-414xx/CVE-2023-41484.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-41484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.747",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:09:42.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file."
},
{
"lang": "es",
"value": "Un problema en cimg.eu Cimg Library v2.9.3 permite a un atacante obtener informaci\u00f3n sensible a trav\u00e9s de un archivo JPEG manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cimg:cimg:2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "210DEF50-BD39-432B-9B35-80F58CDF4C2C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/eddieantonio/imgcat/issues/49",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-421xx/CVE-2023-42147.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-42147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.800",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:10:05.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component."
},
{
"lang": "es",
"value": "Un problema en CloudExplorer Lite 1.3.1 permite a un atacante obtener informaci\u00f3n sensible a trav\u00e9s del componente de clave de inicio de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:cloudexplorer_lite:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB2853B-5A5A-40C5-9B57-68BBE08FE475"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cnblogs.com/xyhz/p/17667095.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-423xx/CVE-2023-42331.json
View File

@ -2,23 +2,89 @@
"id": "CVE-2023-42331",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.853",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:10:19.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos en EliteCMS 1.01 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente Manage_uploads.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elitecms:elite_cms:1.01:*:*:*:-:*:*:*",
"matchCriteriaId": "6A277BC1-8C5E-49E5-A76C-8E1DFE30420E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Num-Nine/CVE/issues/4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-423xx/CVE-2023-42334.json
View File

@ -2,19 +2,84 @@
"id": "CVE-2023-42334",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.907",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:10:48.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter."
},
{
"lang": "es",
"value": "Una referencia de objeto indirecto (IDOR) en Fl3xx Dispatch 2.10.37 y fl3xx Crew 2.10.37 permite a un atacante remoto escalar privilegios a trav\u00e9s del par\u00e1metro de usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fl3xx:crew:2.10.37:*:*:*:*:*:*:*",
"matchCriteriaId": "432F256D-0CED-4F39-AFBA-45B682741FAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fl3xx:dispatch:2.10.37:*:*:*:*:*:*:*",
"matchCriteriaId": "04DB45BC-ADB6-4733-A174-6DF62218C301"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://0xhunter20.medium.com/an-idor-lead-to-viewing-other-users-files-cve-2023-42334-702de328c453",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-423xx/CVE-2023-42335.json
View File

@ -2,19 +2,84 @@
"id": "CVE-2023-42335",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.967",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:11:00.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Carga de Archivos sin Restricciones en Fl3xx Dispatch 2.10.37 y fl3xx Crew 2.10.37 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n agregar archivos adjuntos en el componente New Expense."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fl3xx:crew:2.10.37:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B847555F-C858-46AC-954C-7EED418C5F59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fl3xx:dispatch:2.10.37:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "AD2AC53F-017B-40DB-9297-EE8945E90FB0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://0xhunter20.medium.com/how-i-found-unrestricted-file-upload-in-fl3xx-ios-app-cve-2023-42335-6b1a72da6d65",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-431xx/CVE-2023-43134.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-43134",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:12.190",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:11:47.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de acceso no autorizado en Netis 360RAC1200 v1.3.4517, que permite a los atacantes obtener informaci\u00f3n sensible del dispositivo sin autenticaci\u00f3n, obtener tokens de usuario y, en \u00faltima instancia, iniciar sesi\u00f3n en la administraci\u00f3n del backend del dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:360r_firmware:1.3.4517:*:*:*:*:*:*:*",
"matchCriteriaId": "D87D4154-B33F-4615-A555-96E3AAD64C6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:360r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA79FE05-9D84-4380-B928-A8CA92DCD540"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-431xx/CVE-2023-43135.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-43135",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T22:15:13.640",
"lastModified": "2023-09-20T22:23:12.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:14:08.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de acceso no autorizado en TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, que permite a los atacantes obtener informaci\u00f3n sensible del dispositivo sin autenticaci\u00f3n, obtener tokens de usuario y, en \u00faltima instancia, iniciar sesi\u00f3n en la administraci\u00f3n del backend del dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*",
"matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-431xx/CVE-2023-43137.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-43137",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:12.250",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:11:55.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points."
},
{
"lang": "es",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n tiene una vulnerabilidad de inyecci\u00f3n de comandos, cuando un atacante agrega reglas ACL despu\u00e9s de la autenticaci\u00f3n y el par\u00e1metro de nombre de regla tiene puntos de inyecci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*",
"matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-431xx/CVE-2023-43138.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-43138",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:12.303",
"lastModified": "2023-09-20T20:18:37.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T02:12:01.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point."
},
{
"lang": "es",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n tiene una vulnerabilidad de inyecci\u00f3n de comandos, cuando un atacante agrega reglas NAPT despu\u00e9s de la autenticaci\u00f3n y el nombre de la regla tiene un punto de inyecci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*",
"matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43235",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:09.917",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:18:58.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-823G v1.0.2B05 conten\u00eda un Desbordamiento del B\u00fafer mediante los par\u00e1metros StartTime y EndTime en SetWifiDownSettings."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67B980AA-84BE-4D22-B4E7-7B2DBF571B65"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWifiDownSettings/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43236",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.127",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:19:03.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer a trav\u00e9s del par\u00e1metro statuscheckpppoeuser en dir_setWanWifi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "122F83DD-6AD9-4DF1-BAD4-338FDCEC5C50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0BF6D7-F3B3-4E25-807B-21055E5887CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/dir_setWanWifi/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43237",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.253",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:19:09.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro macCloneMac en setMAC."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "122F83DD-6AD9-4DF1-BAD4-338FDCEC5C50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0BF6D7-F3B3-4E25-807B-21055E5887CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/setMAC/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43238",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.353",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:19:15.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro nvmacaddr en form2Dhcpip.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "122F83DD-6AD9-4DF1-BAD4-338FDCEC5C50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0BF6D7-F3B3-4E25-807B-21055E5887CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/form2Dhcpip_cgi/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.470",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:19:27.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer a trav\u00e9s del par\u00e1metro flag_5G en showMACfilterMAC."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "122F83DD-6AD9-4DF1-BAD4-338FDCEC5C50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0BF6D7-F3B3-4E25-807B-21055E5887CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/showMACfilterMAC/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43240",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.583",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:19:41.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer a trav\u00e9s del par\u00e1metro sip_address en ipportFilter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "122F83DD-6AD9-4DF1-BAD4-338FDCEC5C50"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0BF6D7-F3B3-4E25-807B-21055E5887CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/ipportFilter/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43241.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43241",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.680",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:19:55.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-823G v1.0.2B05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro TXPower y GuardInt en SetWLanRadioSecurity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*",
"matchCriteriaId": "14A8546A-7F37-43D2-AD1E-DF65C6734057"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-823g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67B980AA-84BE-4D22-B4E7-7B2DBF571B65"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWLanRadioSecurity/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-432xx/CVE-2023-43242.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43242",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T13:15:10.797",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:20:01.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "Se descubri\u00f3 que D-Link DIR-816 A2 v1.10CNB05 conten\u00eda un Desbordamiento del B\u00fafer mediante el par\u00e1metro removeRuleList en form2IPQoSTcDel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816a2_firmware:1.10cnb05:*:*:*:*:*:*:*",
"matchCriteriaId": "BC33A27A-B77F-48B9-8E63-C133FD5DCF25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F0BBA5-DCC2-4AD0-9456-57E9E38339F2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/form2IPQoSTcDel/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-432xx/CVE-2023-43274.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43274",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T14:15:10.003",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:15:02.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Phpjabbers PHP Shopping Cart 4.2 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:php_shopping_cart:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3E5A18-4CF9-4308-AF62-E485C856BBC2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-433xx/CVE-2023-43309.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43309",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T14:15:10.750",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:15:37.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Hay una vulnerabilidad de Stored Cross-Site Scripting (XSS) en Webmin 2.002 y versiones anteriores a trav\u00e9s del archivo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.002",
"matchCriteriaId": "7A6202E4-6FD5-4056-A956-30B585DC5FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-436xx/CVE-2023-43617.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43617",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.617",
"lastModified": "2023-09-22T00:15:14.017",
"lastModified": "2023-09-22T02:04:33.587",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -14,19 +14,85 @@
"value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. Cuando se utiliza un secreto compartido personalizado, el remitente y el receptor pueden divulgar partes de este secreto a un Relay que no sea de confianza, como parte de la composici\u00f3n del nombre de una sala."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.5",
"matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/schollz/croc/issues/596",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/08/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-436xx/CVE-2023-43618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.693",
"lastModified": "2023-09-22T00:15:14.457",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:05:00.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,84 @@
"value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. \u00bfEl protocolo requiere que un remitente proporcione sus direcciones IP locales en texto sin cifrar a trav\u00e9s de un ips? mensaje."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.5",
"matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/schollz/croc/issues/597",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/08/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-436xx/CVE-2023-43619.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43619",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.773",
"lastModified": "2023-09-22T00:15:14.680",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:05:56.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,85 @@
"value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. Un remitente puede enviar archivos nuevos peligrosos a un receptor, como contenido ejecutable o un archivo .ssh/authorized_keys."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.5",
"matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/schollz/croc/issues/593",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/08/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-436xx/CVE-2023-43620.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43620",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.870",
"lastModified": "2023-09-22T00:15:15.040",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:06:06.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,85 @@
"value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. Un remitente puede colocar secuencias de escape ANSI o CSI en un nombre de archivo para atacar el dispositivo terminal de un receptor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.5",
"matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/schollz/croc/issues/595",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/08/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-436xx/CVE-2023-43621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43621",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.950",
"lastModified": "2023-09-22T00:15:15.380",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T02:06:59.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,85 @@
"value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. El secreto compartido, ubicado en una l\u00ednea de comando, puede ser le\u00eddo por usuarios locales que enumeran todos los procesos y sus argumentos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.5",
"matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/schollz/croc/issues/598",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/08/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

62
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-22T02:00:24.866060+00:00
2023-09-22T04:00:24.432039+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-22T01:48:21.710000+00:00
2023-09-22T02:20:01.783000+00:00
```
### Last Data Feed Release
@ -34,43 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `0`
* [CVE-2023-31716](CVE-2023/CVE-2023-317xx/CVE-2023-31716.json) (`2023-09-22T00:15:09.757`)
* [CVE-2023-31717](CVE-2023/CVE-2023-317xx/CVE-2023-31717.json) (`2023-09-22T00:15:11.160`)
* [CVE-2023-31718](CVE-2023/CVE-2023-317xx/CVE-2023-31718.json) (`2023-09-22T00:15:11.353`)
* [CVE-2023-31719](CVE-2023/CVE-2023-317xx/CVE-2023-31719.json) (`2023-09-22T00:15:11.480`)
### CVEs modified in the last Commit
Recently modified CVEs: `44`
Recently modified CVEs: `28`
* [CVE-2023-42456](CVE-2023/CVE-2023-424xx/CVE-2023-42456.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42805](CVE-2023/CVE-2023-428xx/CVE-2023-42805.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42806](CVE-2023/CVE-2023-428xx/CVE-2023-42806.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42807](CVE-2023/CVE-2023-428xx/CVE-2023-42807.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42279](CVE-2023/CVE-2023-422xx/CVE-2023-42279.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42810](CVE-2023/CVE-2023-428xx/CVE-2023-42810.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42280](CVE-2023/CVE-2023-422xx/CVE-2023-42280.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-34576](CVE-2023/CVE-2023-345xx/CVE-2023-34576.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42482](CVE-2023/CVE-2023-424xx/CVE-2023-42482.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-38343](CVE-2023/CVE-2023-383xx/CVE-2023-38343.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-38344](CVE-2023/CVE-2023-383xx/CVE-2023-38344.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42261](CVE-2023/CVE-2023-422xx/CVE-2023-42261.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41614](CVE-2023/CVE-2023-416xx/CVE-2023-41614.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41616](CVE-2023/CVE-2023-416xx/CVE-2023-41616.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-5068](CVE-2023/CVE-2023-50xx/CVE-2023-5068.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-22T01:30:11.830`)
* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-22T01:37:33.650`)
* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-22T01:48:21.710`)
* [CVE-2023-43619](CVE-2023/CVE-2023-436xx/CVE-2023-43619.json) (`2023-09-22T02:05:56.723`)
* [CVE-2023-43620](CVE-2023/CVE-2023-436xx/CVE-2023-43620.json) (`2023-09-22T02:06:06.743`)
* [CVE-2023-43621](CVE-2023/CVE-2023-436xx/CVE-2023-43621.json) (`2023-09-22T02:06:59.813`)
* [CVE-2023-40930](CVE-2023/CVE-2023-409xx/CVE-2023-40930.json) (`2023-09-22T02:09:30.007`)
* [CVE-2023-41484](CVE-2023/CVE-2023-414xx/CVE-2023-41484.json) (`2023-09-22T02:09:42.600`)
* [CVE-2023-42147](CVE-2023/CVE-2023-421xx/CVE-2023-42147.json) (`2023-09-22T02:10:05.603`)
* [CVE-2023-42331](CVE-2023/CVE-2023-423xx/CVE-2023-42331.json) (`2023-09-22T02:10:19.257`)
* [CVE-2023-42334](CVE-2023/CVE-2023-423xx/CVE-2023-42334.json) (`2023-09-22T02:10:48.637`)
* [CVE-2023-42335](CVE-2023/CVE-2023-423xx/CVE-2023-42335.json) (`2023-09-22T02:11:00.637`)
* [CVE-2023-43134](CVE-2023/CVE-2023-431xx/CVE-2023-43134.json) (`2023-09-22T02:11:47.020`)
* [CVE-2023-43137](CVE-2023/CVE-2023-431xx/CVE-2023-43137.json) (`2023-09-22T02:11:55.050`)
* [CVE-2023-43138](CVE-2023/CVE-2023-431xx/CVE-2023-43138.json) (`2023-09-22T02:12:01.367`)
* [CVE-2023-36109](CVE-2023/CVE-2023-361xx/CVE-2023-36109.json) (`2023-09-22T02:12:15.177`)
* [CVE-2023-36234](CVE-2023/CVE-2023-362xx/CVE-2023-36234.json) (`2023-09-22T02:13:39.357`)
* [CVE-2023-43135](CVE-2023/CVE-2023-431xx/CVE-2023-43135.json) (`2023-09-22T02:14:08.313`)
* [CVE-2023-43274](CVE-2023/CVE-2023-432xx/CVE-2023-43274.json) (`2023-09-22T02:15:02.017`)
* [CVE-2023-43309](CVE-2023/CVE-2023-433xx/CVE-2023-43309.json) (`2023-09-22T02:15:37.603`)
* [CVE-2023-43235](CVE-2023/CVE-2023-432xx/CVE-2023-43235.json) (`2023-09-22T02:18:58.013`)
* [CVE-2023-43236](CVE-2023/CVE-2023-432xx/CVE-2023-43236.json) (`2023-09-22T02:19:03.217`)
* [CVE-2023-43237](CVE-2023/CVE-2023-432xx/CVE-2023-43237.json) (`2023-09-22T02:19:09.227`)
* [CVE-2023-43238](CVE-2023/CVE-2023-432xx/CVE-2023-43238.json) (`2023-09-22T02:19:15.737`)
* [CVE-2023-43239](CVE-2023/CVE-2023-432xx/CVE-2023-43239.json) (`2023-09-22T02:19:27.603`)
* [CVE-2023-43240](CVE-2023/CVE-2023-432xx/CVE-2023-43240.json) (`2023-09-22T02:19:41.467`)
* [CVE-2023-43241](CVE-2023/CVE-2023-432xx/CVE-2023-43241.json) (`2023-09-22T02:19:55.597`)
* [CVE-2023-43242](CVE-2023/CVE-2023-432xx/CVE-2023-43242.json) (`2023-09-22T02:20:01.783`)
## Download and Usage