Auto-Update: 2023-09-27T16:00:25.811912+00:00

This commit is contained in:
cad-safe-bot 2023-09-27 16:00:29 +00:00
parent fd999b3e65
commit 246feb21b8
288 changed files with 11044 additions and 273 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2021-38243",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:15:54.463",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "xunruicms <=4.5.1 is vulnerable to Remote Code Execution."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/P0wfuu/xunruicms-RCE",
"source": "cve@mitre.org"
}
]
}
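Review bot: The record carries no CWE, no CVSS and a one-clause description (`xunruicms <=4.5.1 is vulnerable to Remote Code Execution.`), so nothing in it tells a reader whether the RCE is reachable before or after authentication or which component is involved. The only reference is a personal GitHub repository named `xunruicms-RCE` rather than a vendor advisory; the name suggests it is a proof of concept, so consumers should treat it as exploit material and not as a fix source. A 2021-series identifier first published in September 2023 also suggests a long-reserved ID, so the `<=4.5.1` bound should be checked against the current release before it is used for version matching.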


@ -2,8 +2,8 @@
"id": "CVE-2022-22536",
"sourceIdentifier": "cna@sap.com",
"published": "2022-02-09T23:15:18.620",
"lastModified": "2023-01-09T20:29:24.850",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-27T15:15:58.430",
"vulnStatus": "Modified",
"cisaExploitAdd": "2022-08-18",
"cisaActionDue": "2022-09-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
"value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\n\n"
},
{
"lang": "es",


@ -2,7 +2,7 @@
"id": "CVE-2022-27635",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:11.817",
"lastModified": "2023-09-23T03:15:10.337",
"lastModified": "2023-09-27T15:16:00.247",
"vulnStatus": "Modified",
"descriptions": [
{
@ -172,9 +172,17 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
"source": "secure@intel.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-36351",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:12.807",
"lastModified": "2023-09-23T03:15:19.213",
"lastModified": "2023-09-27T15:16:02.573",
"vulnStatus": "Modified",
"descriptions": [
{
@ -162,9 +162,17 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
"source": "secure@intel.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-38076",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:13.843",
"lastModified": "2023-09-23T03:15:20.180",
"lastModified": "2023-09-27T15:16:02.687",
"vulnStatus": "Modified",
"descriptions": [
{
@ -162,9 +162,17 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
"source": "secure@intel.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-40964",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:14.603",
"lastModified": "2023-09-23T03:15:20.637",
"lastModified": "2023-09-27T15:16:02.860",
"vulnStatus": "Modified",
"descriptions": [
{
@ -172,9 +172,17 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
"source": "secure@intel.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-46329",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:16.540",
"lastModified": "2023-09-23T03:15:21.007",
"lastModified": "2023-09-27T15:16:02.973",
"vulnStatus": "Modified",
"descriptions": [
{
@ -117,9 +117,17 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
"source": "secure@intel.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2022-48606",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-27T15:16:03.060",
"lastModified": "2023-09-27T15:41:20.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}
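Review bot: The description names only a module (`the binder background management and control module`) and never the product or version range, so the record cannot be matched to a device or OS build from its own text; the two bulletin references are the only place that information lives. CWE-476 is consistent with the stated availability-only impact, but the record ships with empty `metrics` even though the CNA had enough detail to assign a CWE. The affected products and versions should be stated in the description once the bulletin content is confirmed.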


@ -0,0 +1,47 @@
{
"id": "CVE-2023-0456",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:16:03.167",
"lastModified": "2023-09-27T15:41:59.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0456",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163586",
"source": "secalert@redhat.com"
}
]
}
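Review bot: The record has no `weaknesses` array even though the description is about an OIDC token from a different realm being accepted, so downstream tooling that keys on CWE will not classify this as an authentication or authorization flaw; a CWE should be added by the CNA or during NVD analysis. The description also names no affected or fixed APICast/3scale version, so the entry cannot be matched to installed software without reading the Bugzilla reference. The vector `AV:N/AC:H/PR:N` is plausible for cross-realm token acceptance, but the `AC:H` judgement is not explained by the text.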


@ -0,0 +1,59 @@
{
"id": "CVE-2023-0833",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:16:03.257",
"lastModified": "2023-09-27T15:41:59.717",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:1241",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:3223",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0833",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/square/okhttp/issues/6738",
"source": "secalert@redhat.com"
}
]
}
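Review bot: The vector string `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N` rates the attack as local, yet the description attributes the disclosure to `a header containing an illegal value` handled by the OkHttp component, an HTTP client; if that header can be supplied over the wire the vector would be `AV:N` and the score changes materially. The record also has no `weaknesses` entry although the text describes an information-disclosure via an uncaught exception. Both points should be confirmed against the okhttp issue and the Bugzilla entry before the local rating is relied on for triage.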


@ -2,12 +2,12 @@
"id": "CVE-2023-1995",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-08-29T02:15:07.837",
"lastModified": "2023-09-05T18:51:17.547",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-27T15:16:03.353",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.\n\n"
"value": "Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, \n\nbefore 09-66-17, \n\nbefore 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W\n\n, before 09-66-/Q\n\n; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.\n\n"
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2023-20588",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.653",
"lastModified": "2023-09-25T21:15:13.027",
"lastModified": "2023-09-27T15:18:44.433",
"vulnStatus": "Modified",
"descriptions": [
{
@ -926,6 +926,22 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1",
"source": "psirt@amd.com"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-439.html",
"source": "psirt@amd.com"


@ -0,0 +1,20 @@
{
"id": "CVE-2023-23495",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:45.577",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-23958",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-09-27T15:18:46.280",
"lastModified": "2023-09-27T15:41:20.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@symantec.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "secure@symantec.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22599",
"source": "secure@symantec.com"
}
]
}
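Review bot: `may be susceptible to a Hash Leak vulnerability` does not say what hash is leaked (a credential hash or a file digest) or how it is triggered, and CWE-200 is the most generic disclosure class, so the record gives a defender nothing to detect or prioritise on beyond the vector. The vector `PR:H` with `S:C` and `C:H` suggests an administrative action exposes data outside the Protection Engine itself, but that is inference; the Broadcom advisory should be read for the actual trigger. The description value also ends in a stray `\n\n` that should be trimmed to `...a Hash Leak vulnerability.`.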


@ -0,0 +1,63 @@
{
"id": "CVE-2023-2315",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-09-27T15:18:50.317",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/commit/0a8dd91e385f70e42795380009fd644224c1bc97",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-2315/",
"source": "info@starlabs.sg"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2358",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-09-27T15:18:50.790",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-257"
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/19668208622221",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}
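Review bot: The description value starts with a leading `\n` and ends with `\u00a0\n\n` (a non-breaking space followed by two newlines), so the string is padded with whitespace that will surface as blank lines or odd spacing in any renderer and should be trimmed to `Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.`. Substantively, plaintext storage of Hadoop credentials is scored `C:L` here; whether that is right depends on who can read the stored job definitions, which the description does not say. `prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x` reads as two fixed branches plus an unfixed 8.3 line, and that structure should be preserved when version configurations are added.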


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25483",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:47.587",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <=\u00a02.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-coming-soon/wordpress-easy-coming-soon-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27616",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.207",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <=\u00a010.6.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
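Review bot: The description states the affected range as `<= 10.6.6` while the single reference slug names `rsvpmaker-plugin-10-6-4`, so the two parts of the record disagree on the last affected version; if the Patchstack entry was later widened to 10.6.6 the slug is merely stale, but the discrepancy should be confirmed before the bound is used for matching. The `<=\u00a0` in the description uses a non-breaking space after the operator, which plain-text search for `<= 10.6.6` will not match; a normal space is safer. As an unauthenticated stored XSS (`PR:N`) this is a higher-impact class than the admin-only sibling entries, yet the record does not say which input reaches storage.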


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27617",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.370",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <=\u00a010.6.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27622",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.623",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <=\u00a01.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/guruwalk-affiliates/wordpress-guruwalk-affiliates-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27628",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.993",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <=\u00a01.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sitekit/wordpress-sitekit-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28055",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-09-27T15:18:49.297",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}
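Review bot: `Dell NetWorker, Version 19.7 has an improper authorization vulnerability` names a single version, leaving it ambiguous whether only 19.7 or every release up to and including 19.7 is affected, and no fixed version is given even though the text says `Dell recommends customers to upgrade`; the affected statement should name the range and the fixed release the advisory gives. The phrase `gain of complete access to the server file further resulting in` is garbled and presumably means access to server files; as written it is not parseable. The leading `\n` and trailing `\n\n` in the description value should also be trimmed.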


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28490",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:49.500",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <=\u00a02.0.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/estatik-mortgage-calculator/wordpress-wordpress-mortgage-calculator-estatik-plugin-2-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28790",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:49.797",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <=\u00a02.2.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-staff-list/wordpress-simple-staff-list-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-29497",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:49.990",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-30471",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:51.087",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <=\u00a01.4.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/search-analytics/wordpress-wp-search-analytics-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-30472",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:51.277",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <=\u00a01.0.17 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mts-url-shortener/wordpress-url-shortener-by-mythemeshop-plugin-1-0-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-30493",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:51.527",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <=\u00a03.2.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-contact-form-7/wordpress-ultimate-addons-for-contact-form-7-plugin-3-1-32-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
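Review bot: The description bounds the affected range at `<= 3.2.0` but the reference slug names `plugin-3-1-32`, a different version, so the record is internally inconsistent about the last vulnerable release; either the slug is stale or the bound was widened after the advisory was first written, and that should be confirmed before releases between 3.1.32 and 3.2.0 are treated as vulnerable. As with the other Patchstack entries in this commit, `<=\u00a0` uses a non-breaking space after the operator and should be a plain space.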


@ -0,0 +1,43 @@
{
"id": "CVE-2023-30959",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-09-27T15:18:51.997",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63",
"source": "cve-coordination@palantir.com"
}
]
}
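Review bot: The description names a `javascript URI link` rendered in change-request comments, which is stored cross-site scripting, yet the record has no `weaknesses` array, so CWE-based tooling will not pick it up; a CWE-79 entry would match the text. The vector scores integrity as `I:N`, which is unusual for script execution in a victim's session and is not explained; the CNA may consider the impact limited to reading data, but that is a judgement worth confirming against the reference. No affected or fixed Apollo version is stated, so the entry cannot be matched against deployments from the record alone.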


@ -0,0 +1,43 @@
{
"id": "CVE-2023-30961",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-09-27T15:18:52.157",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8bdf-f95ef3692da4",
"source": "cve-coordination@palantir.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-32361",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.237",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-32377",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.303",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-32396",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.357",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213939",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-32421",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.413",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32541",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-27T15:18:52.493",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759",
"source": "talos-cna@cisco.com"
}
]
}


@ -0,0 +1,83 @@
{
"id": "CVE-2023-3223",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:18:56.457",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:4505",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4506",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4507",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4509",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4918",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4919",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4920",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4921",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4924",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3223",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689",
"source": "secalert@redhat.com"
}
]
}
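Review bot: The CVE-2023-3223 record has no `weaknesses` array even though the description is precise about the failure mode (unbounded multipart buffering leading to OutOfMemoryError, with the `fileSizeThreshold` limit bypassed by a null file name), so CWE-driven triage will not surface it; a resource-exhaustion CWE such as CWE-770 seems the natural classification, to be confirmed against Red Hat's bugzilla entry. The practitioner caveat worth stating next to the description is that `fileSizeThreshold` is explicitly not a sufficient control here, so deployments relying on it for DoS protection should instead bound the overall request/part size at the servlet or front-end layer. The metric present is the vendor's Secondary 7.5, and with `vulnStatus` Awaiting Analysis no NVD Primary score exists yet.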


@ -0,0 +1,43 @@
{
"id": "CVE-2023-34043",
"sourceIdentifier": "security@vmware.com",
"published": "2023-09-27T15:18:52.593",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with administrative access to the local system can escalate privileges to 'root'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0020.html",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35071",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-27T15:18:52.687",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0560",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-35074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.800",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-35793",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:18:52.857",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH",
"source": "cve@mitre.org"
},
{
"url": "https://www.cassianetworks.com/products/iot-access-controller/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-35984",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.917",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-35990",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.980",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -2,18 +2,18 @@
"id": "CVE-2023-36844",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-08-17T20:15:10.267",
"lastModified": "2023-08-30T17:15:08.727",
"lastModified": "2023-09-27T15:18:53.043",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables.\n\nUtilizing a crafted request an attacker is able to modify \n\ncertain PHP environments variables\u00a0leading to partial loss of integrity,\u00a0which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3.\n\n\n\n\n"
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\n\nUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables\u00a0leading to partial loss of integrity,\u00a0which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S7;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S1, 23.2R2.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,7 +33,7 @@
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -57,7 +57,7 @@
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -1450,10 +1450,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html",
"source": "sirt@juniper.net"
},
{
"url": "https://supportportal.juniper.net/JSA72300",
"source": "sirt@juniper.net",


@ -2,42 +2,42 @@
"id": "CVE-2023-36845",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-08-17T20:15:10.360",
"lastModified": "2023-08-30T17:15:08.980",
"lastModified": "2023-09-27T15:18:53.317",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series \n\nand SRX Series \n\nallows an unauthenticated, network-based attacker to control certain, important environments variables.\n\nUtilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions prior to 21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1-S1, 23.2R2.\n\n\n\n\n"
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series \n\nand SRX Series \n\nallows an unauthenticated, network-based attacker to remotely execute code.\n\nUsing a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series\n\n\nand \n\n\nSRX Series:\n\n\n\n * All versions prior to \n\n20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to\u00a021.2R3-S7;\n * 21.3 versions prior to\u00a021.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1-S1, 23.2R2.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -1430,10 +1430,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html",
"source": "sirt@juniper.net"
},
{
"url": "https://supportportal.juniper.net/JSA72300",
"source": "sirt@juniper.net",


@ -2,19 +2,19 @@
"id": "CVE-2023-36846",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-08-17T20:15:10.457",
"lastModified": "2023-08-30T17:15:09.300",
"lastModified": "2023-09-27T15:18:54.110",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0\n\npart of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n"
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0\n\npart of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -46,7 +46,7 @@
]
},
{
"source": "nvd@nist.gov",
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
@ -1440,10 +1440,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html",
"source": "sirt@juniper.net"
},
{
"url": "https://supportportal.juniper.net/JSA72300",
"source": "sirt@juniper.net",


@ -2,19 +2,19 @@
"id": "CVE-2023-36847",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-08-17T20:15:10.553",
"lastModified": "2023-08-30T17:15:09.530",
"lastModified": "2023-09-27T15:18:54.477",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\n\n\nWith a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain \n\npart of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S4;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S1;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n"
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\n\n\nWith a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain \n\npart of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S4;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S1;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
@ -37,7 +37,7 @@
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -1430,10 +1430,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html",
"source": "sirt@juniper.net"
},
{
"url": "https://supportportal.juniper.net/JSA72300",
"source": "sirt@juniper.net",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-36851",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-09-27T15:18:54.877",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0part of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA72300",
"source": "sirt@juniper.net"
}
]
}
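Review bot: The affected-version list in the CVE-2023-36851 description reads `22.4 versions prior to 22,4R2-S2, 22.4R3` — a comma where the release number needs a period — so any consumer that parses Junos version strings out of the description will fail to match the 22.4 fix; it should read `22.4 versions prior to 22.4R2-S2, 22.4R3;`. The text is CNA-supplied, so the correction belongs in the JSA72300 record upstream, but downstream tooling should not key off the string until it is fixed. The named endpoint `webauth_operation.php` is a concrete detection target for unauthenticated J-Web upload attempts. Only the CNA's Secondary 5.3 metric is present with `vulnStatus` Awaiting Analysis, so no NVD Primary score exists yet.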


@ -0,0 +1,20 @@
{
"id": "CVE-2023-37448",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:55.120",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-3767",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-27T15:18:56.673",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/inyeccion-de-comandos-os-en-easyphp-webserver",
"source": "cve-coordination@incibe.es"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38039",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-15T04:15:10.127",
"lastModified": "2023-09-20T15:08:11.940",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-27T15:18:55.227",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -95,6 +95,14 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/",
"source": "support@hackerone.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/",
"source": "support@hackerone.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/",
"source": "support@hackerone.com",


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38586",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:55.420",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-38596",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:55.537",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38615",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:55.627",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-39233",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:55.687",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-39347",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:18:55.747",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-gj2r-phwg-6rww",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39375",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-27T15:18:55.883",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSiberianCMS - CWE-274: Improper Handling of Insufficient Privileges\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-274"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}
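Review bot: The `descriptions[0].value` of this record is stored with a leading `\n` and a trailing `\n\n`, copied verbatim from the upstream feed, so the text is untrimmed in the mirror. CVE-2023-39376 has the same leading and trailing newlines, CVE-2023-39377 and CVE-2023-39378 begin with a stray space, and CVE-2023-40044 through CVE-2023-40049, CVE-2023-40330 and CVE-2023-40333 embed U+00A0 non-breaking spaces (`\u00a0`) and doubled newlines inside the sentence. Since the commit mirrors NVD as-is, changing the stored text is probably not intended, but anything downstream that diffs, deduplicates or displays these values should normalize first (strip both ends, map `\u00a0` to a plain space) rather than treat byte differences as content changes.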


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39376",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-27T15:18:55.987",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39377",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-27T15:18:56.087",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39378",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-27T15:18:56.227",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-39434",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:56.317",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40044",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:18:57.307",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In WS_FTP Server\u00a0version 8.7.0 prior to 8.7.4 and\n\n version 8.8.0 prior to 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.\u00a0\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
}
]
}
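Review bot: The only CWE on this record (`CWE-502`) sits in a `weaknesses` entry with `"type": "Secondary"`, and the single `cvssMetricV31` entry is likewise the CNA's `"Secondary"` assessment, with `vulnStatus` still `"Awaiting Analysis"`; a consumer that selects only `"type": "Primary"` entries, which the cyber.gov.il and patchstack records elsewhere in this commit do provide, will see this 10.0 CRITICAL pre-authentication deserialization issue as having no weakness and no score. CVE-2023-40045 through CVE-2023-40049 have the same shape. Tooling built on this mirror should fall back to `Secondary` metrics and weaknesses when no `Primary` entry exists, and re-read the record once NVD analysis adds one, instead of treating it as unscored.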


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40045",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:18:57.897",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In WS_FTP Server\u00a0version 8.7.0 prior to 8.7.4 and\n\n version 8.8.0 prior to 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module.\u00a0 An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40046",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:18:58.103",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn WS_FTP Server version 8.7.0 prior to 8.7.4 and\n\n version 8.8.0 prior to 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40047",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:18:58.820",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn WS_FTP Server version 8.8.0 prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.\u00a0 Once the cross-site scripting payload is successfully stored,\u00a0\u00a0an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40048",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:19:00.010",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn WS_FTP Server\u00a0version 8.8.0 prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-40049",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:19:01.013",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn WS_FTP Server version 8.8.0 prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
"source": "security@progress.com"
},
{
"url": "https://www.progress.com/ws_ftp",
"source": "security@progress.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-40219",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-09-27T15:19:02.237",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN97197972/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.welcart.com/archives/20106.html",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-40330",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:19:03.170",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <=\u00a01.6.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gd-security-headers/wordpress-gd-security-headers-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-40333",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:19:03.943",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <=\u00a03.0.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bridge-core/wordpress-bridge-core-plugin-3-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-40384",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:04.630",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40386",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:05.067",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40388",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:05.547",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-40391",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:05.977",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213939",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-40395",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:06.457",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-40399",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:06.927",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-40400",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:07.467",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40402",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:07.937",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2023-40403",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:08.120",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-40406",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:08.360",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40407",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:08.597",
"lastModified": "2023-09-27T15:41:20.127",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-40409",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:08.793",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-40410",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:08.987",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-40412",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:09.060",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-40417",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:09.143",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40418",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:09.213",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-40419",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:09.297",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2023-40420",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:09.533",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40422",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:10.417",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-40424",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:11.160",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40426",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:11.620",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-40427",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:12.040",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40428",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:12.527",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-40429",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:13.107",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40431",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:13.910",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-40432",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:14.660",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-40434",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:15.147",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40435",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:15.613",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213939",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40436",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:15.910",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-40441",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:16.137",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40443",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:16.337",
"lastModified": "2023-09-27T15:41:13.523",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
}
]
}
