admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-09T19:00:18.993116+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-09 19:00:22 +00:00
parent f9d84e0d12
commit 2c7b6ee1d9
65 changed files with 8371 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

235
CVE-2022/CVE-2022-49xx/CVE-2022-4900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4900",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-02T16:15:08.700",
"lastModified": "2023-11-07T03:59:16.530",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-09T17:46:13.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,14 +80,211 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*",
"matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58C21C07-1325-481A-A042-9806E0309013"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6CC80B03-CD93-4B0F-91DC-21BCF9BA42C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:7.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A7F66C34-5BF9-4EFC-AAB0-A2E3716F4FB8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*",
"matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*",
"matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*",
"matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4900",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

8
CVE-2022/CVE-2022-49xx/CVE-2022-4949.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4949",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.750",
"lastModified": "2023-11-07T03:59:24.660",
"lastModified": "2023-11-09T18:15:07.463",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -89,6 +89,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/09/3",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/critical-vulnerability-in-wordpress-adsanity-plugin/",
"source": "security@wordfence.com",

216
CVE-2023/CVE-2023-200xx/CVE-2023-20071.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20071",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.090",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:30:30.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload."
},
{
"lang": "es",
"value": "Varios productos de Cisco se ven afectados por una vulnerabilidad en el motor de detecci\u00f3n Snort que podr\u00eda permitir que un atacante remoto no autenticado omitir las pol\u00edticas configuradas en un sistema afectado. Esta vulnerabilidad se debe a una falla en el m\u00f3dulo FTP del motor de detecci\u00f3n de Snort. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico FTP manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante omitir la inspecci\u00f3n de FTP y entregar un payload maliciosa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,196 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.0.17",
"matchCriteriaId": "C62E4A4C-EE6D-49B5-ADCC-21386CD9F2D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0",
"versionEndExcluding": "7.0.6",
"matchCriteriaId": "F2A381B6-2AEF-4A0F-A151-8C3CEBBA7AC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.2.4",
"matchCriteriaId": "BB0ABE0D-B90E-45BD-8978-DD6EBC863EC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndExcluding": "7.3.1.2",
"matchCriteriaId": "233409FB-3D8D-41A9-BEC6-8A0E758717ED"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:snort:snort:2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4C27CF59-184F-4FFD-9CE8-87F2589EB5AA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "7.0.5",
"matchCriteriaId": "7792398D-F563-4441-900D-ABFECAA884AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.1.0.3",
"matchCriteriaId": "0F64FDF4-9696-4FC8-9ADA-DF1727EF1A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.1",
"matchCriteriaId": "F712E334-BA34-4D9C-9E72-DBEFCF9B0E66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.32.0",
"matchCriteriaId": "B5D0C2A5-A925-475B-8B2F-F8E3F27C0876"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:cyber_vision:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.3",
"matchCriteriaId": "CCA9E447-86A4-46AC-9D6B-55D6F8664488"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.3",
"versionEndExcluding": "17.3.8",
"matchCriteriaId": "BE0EDFC9-F9CD-487F-AB5C-38E8340BF427"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.6",
"matchCriteriaId": "85C85786-8BA2-4194-9A07-9F8E676E75C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.9",
"versionEndExcluding": "17.9.4",
"matchCriteriaId": "B50A5D29-0995-469D-86B8-0C5473FC54FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.11",
"versionEndExcluding": "17.11.1a",
"matchCriteriaId": "0DB2D2F1-FB90-485D-B6B4-B6E0A9351C95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.12",
"versionEndExcluding": "17.12.1a",
"matchCriteriaId": "FC04A2AB-CAAA-4723-90FD-C35CED76E029"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:meraki_mx_security_appliance_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C60FD7B-F41F-4307-B3F4-905E7B7C17AF"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-200xx/CVE-2023-20083.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20083",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.143",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:03:03.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la inspecci\u00f3n ICMPv6 cuando se configura con el motor de detecci\u00f3n Snort 2 para el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado haga que la CPU de un dispositivo afectado aumente al 100 por ciento, lo que podr\u00eda detener todo el procesamiento del tr\u00e1fico y resultar en una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). El tr\u00e1fico de gesti\u00f3n de FTD no se ve afectado por esta vulnerabilidad. Esta vulnerabilidad se debe a una comprobaci\u00f3n incorrecta de errores al analizar campos dentro del encabezado ICMPv6. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un paquete ICMPv6 manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo agote los recursos de la CPU y deje de procesar el tr\u00e1fico, lo que resultar\u00eda en una condici\u00f3n DoS. Nota: Para recuperarse de la condici\u00f3n DoS, es posible que sea necesario reiniciar el motor de detecci\u00f3n Snort 2 o el dispositivo Cisco FTD."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,93 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"versionEndIncluding": "6.2.3.18",
"matchCriteriaId": "D58D7217-F6F5-4B58-B59C-E5C8781C87A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.0.17",
"matchCriteriaId": "5156C270-7E41-4D2E-B051-F35563EA4402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.0",
"versionEndIncluding": "6.6.7.1",
"matchCriteriaId": "BCDEBE63-3174-4BBC-82DE-E8E25C818E30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndIncluding": "6.7.0.3",
"matchCriteriaId": "1110632C-526F-4025-A7BE-0CF9F37E5F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.5",
"matchCriteriaId": "3F51D1A7-A702-4071-85D8-7C77CEB23955"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndIncluding": "7.1.0.3",
"matchCriteriaId": "F5F30710-F91A-4A7B-AB06-EE49525E6F04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "90854884-399A-465B-ACB7-E493B8D39041"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndIncluding": "7.3.1.1",
"matchCriteriaId": "E4350E85-F009-4F8A-952E-BDA774CE809E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-icmpv6-dos-4eMkLuN",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

952
CVE-2023/CVE-2023-200xx/CVE-2023-20095.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20095",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.207",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:26:33.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n VPN de acceso remoto del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un manejo inadecuado de las solicitudes HTTPS. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes HTTPS manipuladas a un sistema afectado. Un exploit exitoso podr\u00eda permitir que el atacante provoque el agotamiento de los recursos, lo que resultar\u00eda en una condici\u00f3n DoS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,932 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D482F818-0A8E-49D7-8E3E-0958019FA629"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7BFB57-BC02-4930-A02F-83583E6A0FC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "026F1960-C879-4611-A60A-96311B63CCA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF8B33E-0C95-467D-A865-0A234E69D0CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF144F5-D933-4DE4-818C-001BD9E3958A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "00112ED3-FE7B-425B-9A28-1E5F2BC8BB01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD491D5-FAAB-493F-91A6-D2F3B5F5970E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1519F49D-588F-4B70-B38F-EF4F3E13FEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "15354443-5EB7-4712-B2DE-61DB33830759"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "248D6B44-E134-4DEC-A947-636824E3FDFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "0820A79C-F3EF-407F-9AC7-DCAB4CD39C89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3E8805-85D2-4345-8076-039513209A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "14BB907B-D75A-4F5E-B20D-5457A71A70EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F118B803-4C55-436A-A136-0C1FEA49858F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.2.38:*:*:*:*:*:*:*",
"matchCriteriaId": "6A272121-408E-45F6-A2A1-0BA6EBC060A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "980CEA3B-5A81-4E8C-BEA3-DD31BE7DA2CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3910211-D4DB-4CA7-BBEA-DD8246FF10ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C260BF30-7A33-4C70-9509-404856C93666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF894850-39EC-4B57-BBFF-F1AB4F8389A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FAFCF9-0ABE-483E-9604-329762BB7870"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "83DB4278-3126-4765-97C4-6C0A8C78DA78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "174E631B-6099-47DE-8790-BBF4B7FDB8CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE3538B-F612-4105-BFDE-A4B594482DCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3143B0FF-C855-485E-A908-E48974B1643C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26DD9992-6D98-4E03-9599-ECF38A186FBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24DCEAE6-355B-40AE-A7C8-AF744FCA8A86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2097E81E-B422-4B93-AF09-F300A0E8AF71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "454DEA31-A607-4054-82D3-24A4FEB7358F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "57F0B213-8187-4465-84F1-FB8D92B36020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E540771E-BA0B-42D1-8251-B576B0F142C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2A833-BECF-4000-A592-6113A84C2D20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "077F1416-924A-4D25-9CEE-3BD66A96A019"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDC8D92-D6E0-40EE-B190-D2B32C7DEB75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "23CD5619-E534-4F40-998D-39DC19FA0451"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D0EB11-14B1-44B3-8D46-B9DD872F772C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA399CF-12DB-42E0-A66F-14508B52A453"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5A7608-E737-420E-9B5E-836600DAC701"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EB6801-336D-4F41-ADE7-1C58C63C3F6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8413DA41-02A5-4269-8C88-9DD5076AF91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "AA00285F-6914-4749-8A47-FC4EDAFFF3C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA4D367-32B9-4F54-8352-A959F61A1FDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "2259FF9E-0C8B-440F-B1AC-51BDE3F60E68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C522B55-904D-4C08-B73E-1457D877C0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "4483056A-FBF3-4E00-81EB-1E97334EF240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.43:*:*:*:*:*:*:*",
"matchCriteriaId": "48677330-06AB-4C7F-B2AD-F7E465A9632A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.44:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA80D2-5DB8-4334-9A88-7DDE395832C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1C38A5-1028-4AD3-8CC7-A00091091E76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F002FD55-F881-450E-BC1B-8073E188F47E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA940C4F-13BB-465F-BB8D-CBD0109BF012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0434F5-9A50-4B57-9C5B-E09415D098C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE727035-06CB-4E37-A9D2-96BD54502120"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE52B81-2CF8-48E5-A7BA-A163A25A669B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E8D7C9-5272-40E6-869B-B33959F9F0CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8D5D71-5C85-4644-8A84-F073549ADB50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0790DDC2-7BA0-42DC-A157-754C0CBBE178"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "882394EA-70C8-4D86-9AEF-5D273D8E518C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "855AD3CC-F404-48C5-80D2-7F2765D16D72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26B6BF72-9124-4213-B3C0-BD31B46E8C91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8FBE89-8FDA-4B9B-BA1A-90FFD482A585"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D33E8C-294A-4C43-8DB6-9DA9F61F0B3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4723B88-62BA-40E6-AA89-BAC02D6A036F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C698819-3C8E-4A16-8F52-42FF1E54C076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3CE74E-59E7-448A-8417-18F97C05C798"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0986C171-0E75-4F6F-A9BD-276830104E5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "66A2777A-7831-4324-AEB2-5D93B5F6C04B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "37045680-9189-4B7F-A4F7-4E682FE20A09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C9F37B-CF3C-4861-A969-C7CF4946274A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1DAF21-3FED-4691-9D4C-8FD8CEA7FB3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "FB938E58-4963-4A31-8836-88E958592B30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1E317897-EE97-44F3-96BB-E54228D72A7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF7FAB2-158D-4C48-9246-E7AD3BF1D801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "056D43AE-ECDB-40D2-A196-18DDCD02629E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E555F3-3580-4D71-8D8D-92FE72763D62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "93013503-8B9A-4160-AF7E-277958FA6E9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B009FD-0F2B-4511-8EDF-C3E670623F89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "52579D8D-E855-42B3-B406-32DD1C39F721"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D83C3A-ED0B-42D5-A08A-97D27E189875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A649E319-D408-4AA2-8293-C9E37AF14BA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE0D50C0-DADB-4747-8649-8A5257111FE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE2699F-353F-44CB-A778-981783DDC31F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8E50BD-1FBD-483B-9C27-70E95C732E55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5631D2C2-7AFC-4041-9831-EA1FA51969F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAD2427-82A3-4E64-ADB5-FA4F40B568F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08D5A647-AC21-40AC-8B3C-EE5D3EDA038A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAE999A-5244-46CF-8C12-D68E789BDEE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6468D3D-C5A7-4FAE-B4B9-AD862CD11055"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E4808D-592E-46A6-A83A-A46227D817B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB45136-ACCD-4230-8975-0EBB30D5B375"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C39AC1-1B96-4253-9FC8-4CC26D6261F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9102C8-F211-4E50-967F-FD51C7FC904F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4933642-89E5-4909-AD3C-862CD3B77790"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A6C776-79B3-47ED-B013-100B8F08E1C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E504F28A-44CE-4B3E-9330-6A98728E3AEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA0DD43-D206-4C1C-8B17-DA47F96B3BAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1983172D-4F52-479F-BF14-A84B92D36864"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4122D982-A57A-4249-A8DC-CE9FC6C98803"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "96464380-F665-4266-B0AD-693E078C9F82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3F39CB-C4C2-4B13-94F0-9E44322314BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6BD0EE-649E-4ED6-A09C-8364335DEF52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE11554-FE3C-4C8B-8986-5D88E4967342"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C11983-22A8-4859-A240-571A7815FF54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24CD0B0A-2B91-45DD-9522-8D1D3850CC9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7026F0E-72A7-4CDF-BADC-E34FE6FADC51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "63B85369-FBAE-456C-BC99-5418B043688A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "86434346-D5F0-49BA-803E-244C3266E361"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2FA7B3C-002D-4755-B323-CA24B770A5B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CB7EBC-F3D5-4855-A8D8-BA5AB21FD719"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4D975CBA-7F01-4A4C-991B-9571410C4F07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFA476-5021-4A00-859E-1643009D6156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-dos-3GhZQBAS",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-201xx/CVE-2023-20170.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20170",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.267",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:22:51.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un comando espec\u00edfico de la CLI de Cisco ISE podr\u00eda permitir que un atacante local autenticado realice ataques de inyecci\u00f3n de comandos en el sistema operativo subyacente y eleve los privilegios a ra\u00edz. Para aprovechar esta vulnerabilidad, un atacante debe tener privilegios v\u00e1lidos de nivel de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un comando CLI manipulado. Un exploit exitoso podr\u00eda permitir al atacante elevar los privilegios a root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "ED937BCD-60F7-4555-99D8-B6229214FA73"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

202
CVE-2023/CVE-2023-201xx/CVE-2023-20196.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20196",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.400",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:57:10.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges."
},
{
"lang": "es",
"value": "Dos vulnerabilidades en Cisco ISE podr\u00edan permitir que un atacante remoto autenticado cargue archivos arbitrarios en un dispositivo afectado. Para aprovechar estas vulnerabilidades, un atacante debe tener credenciales de administrador v\u00e1lidas en el dispositivo afectado. Estas vulnerabilidades se deben a una validaci\u00f3n inadecuada de los archivos que se cargan en la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar estas vulnerabilidades cargando un archivo manipulado en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante almacenar archivos maliciosos en directorios espec\u00edficos del dispositivo. Posteriormente, el atacante podr\u00eda utilizar esos archivos para realizar ataques adicionales, incluida la ejecuci\u00f3n de c\u00f3digo arbitrario en el dispositivo afectado con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,182 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1F22FABF-2831-4895-B0A9-283B98398F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B83D0F20-5A43-4583-AFAF-CD9D20352437"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5ADE32BD-C500-47D8-86D6-B08F55F1BBDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "22F23314-96BE-42F6-AE07-CC13F8856029"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "76265489-E5DC-46F1-9475-2FDFCEE32CF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "9517A1B4-45BA-44DD-9122-C86BF9075EFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "1BC35A24-68DB-43C5-A817-9B35018F5990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8:*:*:*:*:*:*",
"matchCriteriaId": "DC94625A-6ED0-439B-A2DA-15A49B2FED93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch9:*:*:*:*:*:*",
"matchCriteriaId": "2392609B-AFEA-4BBD-99FA-E90AD4C2AE8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "A1E81F86-7ED6-4D6C-8DAF-09EB2A7BC496"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "FEA5210C-E674-4C4B-9EB3-C681C70005B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch7:*:*:*:*:*:*",
"matchCriteriaId": "C95F2367-A1A0-46B5-AFC0-9929FC899EE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "ED937BCD-60F7-4555-99D8-B6229214FA73"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-FceLP4xs",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-202xx/CVE-2023-20219.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20219",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.460",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:31:58.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n web del software Cisco Firepower Management Center (FMC) podr\u00edan permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente. El atacante necesitar\u00eda credenciales de dispositivo v\u00e1lidas, pero no necesitar\u00eda privilegios de administrador para aprovechar esta vulnerabilidad. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para ciertas opciones de configuraci\u00f3n. Un atacante podr\u00eda aprovechar estas vulnerabilidades utilizando entradas manipuladas dentro de la GUI de configuraci\u00f3n del dispositivo. Un exploit exitoso podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el dispositivo, incluido el sistema operativo subyacente, lo que tambi\u00e9n podr\u00eda afectar la disponibilidad del dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,86 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"versionEndIncluding": "6.2.3.18",
"matchCriteriaId": "B6BF3D02-3BA0-4736-B78D-3634E3E91623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.0.16",
"matchCriteriaId": "6FBA1598-02FE-4855-8449-E2FF06EF8276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.0",
"versionEndIncluding": "6.6.7.1",
"matchCriteriaId": "AF3259C7-8F36-46B1-A1BA-C2F9AC165A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.5",
"matchCriteriaId": "0BE29E8B-5D64-4CF6-B8CB-A38E991A9BB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndIncluding": "7.1.0.3",
"matchCriteriaId": "749D90E8-9009-4F05-8C5E-2521A9BC7D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3.1",
"matchCriteriaId": "D44E33FB-20A2-448B-A901-3BD383E45F2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndIncluding": "7.3.1.1",
"matchCriteriaId": "E355BD8E-18E7-4405-8F32-0A191DCE0774"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-202xx/CVE-2023-20220.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20220",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.523",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:37:10.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00edan permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente. Para aprovechar estas vulnerabilidades, el atacante debe tener credenciales de dispositivo v\u00e1lidas, pero no necesita privilegios de administrador. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para ciertas opciones de configuraci\u00f3n. Un atacante podr\u00eda aprovechar estas vulnerabilidades utilizando entradas manipuladas dentro de la GUI de configuraci\u00f3n del dispositivo. Un exploit exitoso podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el dispositivo, incluido el sistema operativo subyacente, lo que tambi\u00e9n podr\u00eda afectar la disponibilidad del dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,93 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"versionEndIncluding": "6.2.3.18",
"matchCriteriaId": "B6BF3D02-3BA0-4736-B78D-3634E3E91623"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.0.16",
"matchCriteriaId": "6FBA1598-02FE-4855-8449-E2FF06EF8276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.0",
"versionEndIncluding": "6.6.7.1",
"matchCriteriaId": "AF3259C7-8F36-46B1-A1BA-C2F9AC165A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndIncluding": "6.7.0.3",
"matchCriteriaId": "79C97BD3-D82A-493B-BCBB-9909ED80D084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.5",
"matchCriteriaId": "0BE29E8B-5D64-4CF6-B8CB-A38E991A9BB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndIncluding": "7.1.0.3",
"matchCriteriaId": "749D90E8-9009-4F05-8C5E-2521A9BC7D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3.1",
"matchCriteriaId": "D44E33FB-20A2-448B-A901-3BD383E45F2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndIncluding": "7.3.1.1",
"matchCriteriaId": "E355BD8E-18E7-4405-8F32-0A191DCE0774"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-202xx/CVE-2023-20246.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20246",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.583",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:47:31.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system."
},
{
"lang": "es",
"value": "Varios productos de Cisco se ven afectados por una vulnerabilidad en las pol\u00edticas de control de acceso de Snort que podr\u00eda permitir que un atacante remoto no autenticado eluda las pol\u00edticas configuradas en un sistema afectado. Esta vulnerabilidad se debe a un error l\u00f3gico que ocurre cuando se completan las pol\u00edticas de control de acceso. Un atacante podr\u00eda aprovechar esta vulnerabilidad estableciendo una conexi\u00f3n con un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante omitir las reglas de control de acceso configuradas en el sistema afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,67 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.57.0",
"matchCriteriaId": "03BBE9C4-8E31-4223-B2CB-04118A8799EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.12",
"versionEndExcluding": "17.12.2",
"matchCriteriaId": "6BF7CD16-FAF3-4241-B511-5894881B1957"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.13",
"versionEndExcluding": "17.13.1",
"matchCriteriaId": "B5F4D8FD-9B97-4DEA-A269-22B978D6BB63"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

1212
CVE-2023/CVE-2023-202xx/CVE-2023-20247.json
View File

File diff suppressed because it is too large Load Diff

63
CVE-2023/CVE-2023-202xx/CVE-2023-20255.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20255",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.700",
"lastModified": "2023-11-01T18:17:40.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:46:11.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API de la funci\u00f3n Web Bridge de Cisco Meeting Server podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de las solicitudes HTTP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando paquetes HTTP manipulados a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir que el atacante cause una condici\u00f3n de disponibilidad parcial, lo que podr\u00eda causar que las video llamadas en curso se interrumpan debido a que los paquetes no v\u00e1lidos llegan al Web Bridge."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.1",
"matchCriteriaId": "4ADE4E95-C5C2-47A4-838D-3F88D897ED0F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-202xx/CVE-2023-20267.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20267",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.810",
"lastModified": "2023-11-01T18:17:40.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:45:47.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions."
},
{
"lang": "es",
"value": "Una vulnerabilidad en las reglas de geolocalizaci\u00f3n de IP de Snort 3 podr\u00eda permitir que un atacante remoto no autenticado potencialmente evite las restricciones de direcciones IP. Esta vulnerabilidad existe porque la configuraci\u00f3n de las reglas de geolocalizaci\u00f3n de IP no se analiza correctamente. Un atacante podr\u00eda aprovechar esta vulnerabilidad falsificando una direcci\u00f3n IP hasta omitir la restricci\u00f3n. Un exploit exitoso podr\u00eda permitir al atacante omitir las restricciones de direcciones IP basadas en la ubicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndIncluding": "7.3.1.1",
"matchCriteriaId": "C09834D9-E0C1-49C9-92A9-4FF1F84D37FC"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-bypass-LMz2ThKn",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-259xx/CVE-2023-25975.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-25975",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T18:15:07.587",
"lastModified": "2023-11-09T18:15:07.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fr\u00e9d\u00e9ric Sheedy Etsy Shop plugin <=\u00a03.0.3 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/etsy-shop/wordpress-etsy-shop-plugin-3-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-259xx/CVE-2023-25994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25994",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T16:15:34.493",
"lastModified": "2023-11-09T16:15:34.493",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

277
CVE-2023/CVE-2023-290xx/CVE-2023-29047.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29047",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-11-02T14:15:11.280",
"lastModified": "2023-11-02T14:26:34.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:40:13.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Los endpoints de la API Imageconverter proporcionaban m\u00e9todos que no validaban ni sanitizaban correctamente la entrada del cliente, lo que permit\u00eda inyectar declaraciones SQL arbitrarias. Un atacante con acceso a la red adyacente y potencialmente credenciales API podr\u00eda leer y modificar el contenido de la base de datos al que puede acceder la cuenta de usuario SQL de imageconverter. Ninguno No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -46,14 +80,249 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
"matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
"matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
"matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
"matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
"matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
"matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
"matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
"matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
"matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
"matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
"matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
"matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
"matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
"matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
"matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
"matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
"matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
"matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
"matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
"matchCriteriaId": "FC0AEFDB-D033-47FC-93FC-8652F922BB8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
"matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
"matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
"matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
"matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
"matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
"matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
"matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
"matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
"matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
"matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
"matchCriteriaId": "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
"matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
"matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
"matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
"matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
"matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
"matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
"matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
"matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
"matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
"matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0004.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-310xx/CVE-2023-31087.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-31087",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T18:15:07.690",
"lastModified": "2023-11-09T18:15:07.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <=\u00a02.0.0 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-jobs/wordpress-js-jobs-manager-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-340xx/CVE-2023-34002.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-34002",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T18:15:07.780",
"lastModified": "2023-11-09T18:15:07.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <=\u00a02.1.0.13 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-inventory-manager/wordpress-wp-inventory-manager-plugin-2-1-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
CVE-2023/CVE-2023-343xx/CVE-2023-34386.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-34386",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T18:15:07.870",
"lastModified": "2023-11-09T18:15:07.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <=\u00a04.7.1 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-smart-wishlist/wordpress-wpc-smart-wishlist-for-woocommerce-plugin-4-6-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-366xx/CVE-2023-36688.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36688",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T16:15:34.597",
"lastModified": "2023-11-09T16:15:34.597",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

87
CVE-2023/CVE-2023-384xx/CVE-2023-38473.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38473",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-02T16:15:08.773",
"lastModified": "2023-11-07T04:17:19.497",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-09T17:46:40.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -40,7 +60,17 @@
},
"weaknesses": [
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -50,14 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.9",
"matchCriteriaId": "6481267F-934F-4A0C-9B25-59738E798458"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-38473",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191694",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-400xx/CVE-2023-40054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40054",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-09T15:15:07.910",
"lastModified": "2023-11-09T15:15:07.910",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-400xx/CVE-2023-40055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40055",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-09T15:15:08.143",
"lastModified": "2023-11-09T15:15:08.143",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-411xx/CVE-2023-41137.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41137",
"sourceIdentifier": "info@appcheck-ng.com",
"published": "2023-11-09T15:15:08.333",
"lastModified": "2023-11-09T15:15:08.333",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-411xx/CVE-2023-41138.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41138",
"sourceIdentifier": "info@appcheck-ng.com",
"published": "2023-11-09T15:15:08.550",
"lastModified": "2023-11-09T15:15:08.550",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

143
CVE-2023/CVE-2023-420xx/CVE-2023-42029.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42029",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-03T00:15:12.683",
"lastModified": "2023-11-03T13:22:46.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:29:22.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -50,18 +80,121 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "498DF94F-3427-4F7C-80CB-F9526C4D47AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B27A342F-6BF8-45E7-9711-7C329DE8FC9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF0F0BC-8964-4812-A5E6-0D1C1317E8D2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266059",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7063659",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7063663",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-428xx/CVE-2023-42802.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42802",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-02T14:15:11.440",
"lastModified": "2023-11-02T14:26:34.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:39:13.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server."
},
{
"lang": "es",
"value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. A partir de la versi\u00f3n 10.0.7 y antes de la versi\u00f3n 10.0.10, la creaci\u00f3n de instancias de un objeto no verificado permite cargar archivos PHP maliciosos en directorios no deseados. Dependiendo de la configuraci\u00f3n del servidor web y de las librer\u00edas del sistema disponibles, se pueden ejecutar archivos PHP maliciosos mediante una solicitud de servidor web. La versi\u00f3n 10.0.10 soluciona este problema. Como workaround, elimine el acceso de escritura en los archivos `/ajax` y `/front` al servidor web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.7",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "9144086D-017E-4700-8E5B-4309DEAB9B17"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.10",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-430xx/CVE-2023-43018.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43018",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-03T00:15:12.757",
"lastModified": "2023-11-03T13:22:46.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:28:38.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -50,14 +80,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266163",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7063668",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-437xx/CVE-2023-43791.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43791",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-09T15:15:08.743",
"lastModified": "2023-11-09T15:15:08.743",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

32
CVE-2023/CVE-2023-452xx/CVE-2023-45283.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-45283",
"sourceIdentifier": "security@golang.org",
"published": "2023-11-09T17:15:08.757",
"lastModified": "2023-11-09T17:15:08.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/540277",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/63713",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2185",
"source": "security@golang.org"
}
]
}

32
CVE-2023/CVE-2023-452xx/CVE-2023-45284.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-45284",
"sourceIdentifier": "security@golang.org",
"published": "2023-11-09T17:15:08.813",
"lastModified": "2023-11-09T17:15:08.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/540277",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/63713",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2186",
"source": "security@golang.org"
}
]
}

20
CVE-2023/CVE-2023-458xx/CVE-2023-45884.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45884",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T17:15:08.853",
"lastModified": "2023-11-09T17:15:08.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin."
}
],
"metrics": {},
"references": [
{
"url": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-458xx/CVE-2023-45885.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45885",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T17:15:08.903",
"lastModified": "2023-11-09T17:15:08.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin."
}
],
"metrics": {},
"references": [
{
"url": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f",
"source": "cve@mitre.org"
}
]
}

2974
CVE-2023/CVE-2023-463xx/CVE-2023-46327.json
View File

File diff suppressed because it is too large Load Diff

65
CVE-2023/CVE-2023-465xx/CVE-2023-46595.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46595",
"sourceIdentifier": "security.vulnerabilities@algosec.com",
"published": "2023-11-02T08:15:08.040",
"lastModified": "2023-11-02T12:54:30.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:47:58.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks.\n\n"
},
{
"lang": "es",
"value": "La fuga de Net-NTLM en Fireflow A32.20 y A32.50 permite a un atacante obtener las credenciales de dominio de la v\u00edctima y el hash Net-NTLM, lo que puede provocar ataques de dominio de retransmisi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security.vulnerabilities@algosec.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security.vulnerabilities@algosec.com",
"type": "Secondary",
@ -46,10 +80,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:algosec:fireflow:a32.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5F57DA17-E133-43D9-AC12-60CBD0FBC253"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:algosec:fireflow:a32.50:*:*:*:*:*:*:*",
"matchCriteriaId": "E3144E50-DB4B-4342-8147-7604003EC8D7"
}
]
}
]
}
],
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html",
"source": "security.vulnerabilities@algosec.com"
"source": "security.vulnerabilities@algosec.com",
"tags": [
"Technical Description"
]
}
]
}

32
CVE-2023/CVE-2023-466xx/CVE-2023-46614.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-46614",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-09T18:15:07.967",
"lastModified": "2023-11-09T18:15:07.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <=\u00a04.5.1 versions."
}
],
"metrics": {},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-helper-lite/wordpress-wp-helper-premium-plugin-4-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

90
CVE-2023/CVE-2023-466xx/CVE-2023-46695.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46695",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T06:15:08.000",
"lastModified": "2023-11-07T04:21:57.467",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-09T17:58:25.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,97 @@
"value": "Se descubri\u00f3 un problema en Django 3.2 anterior a 3.2.23, 4.1 anterior a 4.1.13 y 4.2 anterior a 4.2.7. La normalizaci\u00f3n de NFKC es lenta en Windows. Como consecuencia, django.contrib.auth.forms.UsernameField est\u00e1 sujeto a un potencial ataque DoS (denegaci\u00f3n de servicio) a trav\u00e9s de ciertas entradas con una gran cantidad de caracteres Unicode."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2",
"versionEndExcluding": "3.2.23",
"matchCriteriaId": "9909EFAF-C1C8-49FA-860F-C2430EC5304D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1",
"versionEndExcluding": "4.1.13",
"matchCriteriaId": "0ED58B2B-B564-4EE4-AE69-1E206AE34B65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.",
"versionEndExcluding": "4.2.7",
"matchCriteriaId": "A76F97FB-F751-4E8A-B4CD-43ECEA9528CE"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.djangoproject.com/en/4.2/releases/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://groups.google.com/forum/#%21forum/django-announce",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-467xx/CVE-2023-46743.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46743",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-09T16:15:34.683",
"lastModified": "2023-11-09T16:15:34.683",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-468xx/CVE-2023-46894.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46894",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T16:15:34.887",
"lastModified": "2023-11-09T16:15:34.887",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2023/CVE-2023-469xx/CVE-2023-46925.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-46925",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T17:15:11.567",
"lastModified": "2023-11-02T18:21:28.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:46:52.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS)."
},
{
"lang": "es",
"value": "Reportico 7.1.21 es vulnerable a Cross Site Scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reportico:reportico:7.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "36090B19-CD3B-42FD-BDB2-C30FA144EDD0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/reportico-web/reportico/issues/47",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-46xx/CVE-2023-4612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4612",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-11-09T14:15:08.183",
"lastModified": "2023-11-09T14:15:08.183",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-471xx/CVE-2023-47110.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47110",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-09T16:15:34.930",
"lastModified": "2023-11-09T16:15:34.930",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

74
CVE-2023/CVE-2023-472xx/CVE-2023-47204.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-47204",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-02T06:15:08.517",
"lastModified": "2023-11-02T12:54:30.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:48:32.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code."
},
{
"lang": "es",
"value": "La deserializaci\u00f3n YAML insegura en yaml.Loader en transmute-core anterior a 1.13.5 permite a los atacantes ejecutar c\u00f3digo Python arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:toumorokoshi:transmute-core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13.5",
"matchCriteriaId": "1AB1A162-35CB-4CB5-8B2E-6E0039B3D9DC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/toumorokoshi/transmute-core/pull/58",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/toumorokoshi/transmute-core/releases/tag/v1.13.5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

4
CVE-2023/CVE-2023-473xx/CVE-2023-47363.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:07.907",
"lastModified": "2023-11-09T14:15:07.907",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:32.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47364.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:07.970",
"lastModified": "2023-11-09T14:15:07.970",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:32.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47365.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:08.013",
"lastModified": "2023-11-09T14:15:08.013",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47366.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:08.057",
"lastModified": "2023-11-09T14:15:08.057",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47367.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47367",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:08.097",
"lastModified": "2023-11-09T14:15:08.097",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47368",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T15:15:08.950",
"lastModified": "2023-11-09T15:15:08.950",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47369",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T14:15:08.140",
"lastModified": "2023-11-09T14:15:08.140",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47370",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T15:15:08.997",
"lastModified": "2023-11-09T15:15:08.997",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47372",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T15:15:09.043",
"lastModified": "2023-11-09T15:15:09.043",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-473xx/CVE-2023-47373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T15:15:09.083",
"lastModified": "2023-11-09T15:15:09.083",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-476xx/CVE-2023-47610.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47610",
"sourceIdentifier": "vulnerability@kaspersky.com",
"published": "2023-11-09T17:15:08.960",
"lastModified": "2023-11-09T17:15:08.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vulnerability@kaspersky.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/",
"source": "vulnerability@kaspersky.com"
}
]
}

123
CVE-2023/CVE-2023-51xx/CVE-2023-5178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5178",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-01T17:15:11.920",
"lastModified": "2023-11-07T04:23:35.157",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-09T17:42:49.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -40,7 +60,17 @@
},
"weaknesses": [
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -50,18 +80,97 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5178",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

68
CVE-2023/CVE-2023-53xx/CVE-2023-5358.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-5358",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-11-01T18:15:09.883",
"lastModified": "2023-11-01T18:17:40.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:40:10.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en la funci\u00f3n de filtros de registro de informes en Devolutions Server 2023.2.10.0 y versiones anteriores permite a los atacantes recuperar registros de b\u00f3vedas o entradas a las que no pueden acceder a trav\u00e9s de los par\u00e1metros de consulta de la URL de solicitud de informe."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.4.0",
"matchCriteriaId": "5B4A300E-DC8C-4243-B5BD-9C4244A208D3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0019/",
"source": "security@devolutions.net"
"source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-54xx/CVE-2023-5408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5408",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-02T03:15:10.230",
"lastModified": "2023-11-07T04:23:58.277",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-09T17:59:18.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -40,7 +60,17 @@
},
"weaknesses": [
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -50,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:6130",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5408",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242173",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/openshift/kubernetes/pull/1736",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

67
CVE-2023/CVE-2023-56xx/CVE-2023-5606.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5606",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-02T09:15:08.507",
"lastModified": "2023-11-07T04:24:12.180",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-09T17:47:16.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -38,14 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "4.8.6",
"versionEndExcluding": "4.9.7",
"matchCriteriaId": "3FBB324E-95CE-4687-B3B6-8EA4798C6FD0"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2987335%40chatbot%2Ftrunk&old=2986133%40chatbot%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc305c48-8337-42b7-ad61-61aea8018def?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

121
CVE-2023/CVE-2023-56xx/CVE-2023-5625.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5625",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-01T14:15:38.897",
"lastModified": "2023-11-01T16:16:34.600",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:34:30.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products."
},
{
"lang": "es",
"value": "Se introdujo una regresi\u00f3n en la compilaci\u00f3n de Red Hat de python-eventlet debido a un cambio en la estrategia de aplicaci\u00f3n del parche, lo que provoc\u00f3 que no se aplicara un parche para CVE-2021-21419 para todas las compilaciones de todos los productos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,105 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E52D8667-D64B-4E4D-972F-089A2D834C34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5E9340-DD85-4B10-9A1D-9021C95229A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2127E592-F973-4244-9793-680736EC5313"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "608FBE62-5A35-4C7A-BBC7-E0D05E09008B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:6128",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5625",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244717",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-58xx/CVE-2023-5875.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5875",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-02T09:15:08.617",
"lastModified": "2023-11-02T12:54:30.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:46:53.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
},
{
"lang": "es",
"value": "Mattermost Desktop no maneja correctamente los permisos ni solicita el consentimiento del usuario en ciertos permisos confidenciales, lo que permite la explotaci\u00f3n de medios desde un servidor de Mattermost malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.1",
"matchCriteriaId": "3C60BC63-A71E-4E6A-B0AD-29F802287757"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-58xx/CVE-2023-5876.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5876",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-02T09:15:08.747",
"lastModified": "2023-11-02T12:54:30.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:52:34.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\n\n"
},
{
"lang": "es",
"value": "Mattermost no logra validar adecuadamente una expresi\u00f3n regular creada a partir de la ruta URL del servidor, lo que permite que un atacante con control de un servidor inscrito monte una Denegaci\u00f3n de Servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.1",
"matchCriteriaId": "3C60BC63-A71E-4E6A-B0AD-29F802287757"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-58xx/CVE-2023-5889.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5889",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-01T01:15:07.423",
"lastModified": "2023-11-01T12:51:15.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T18:31:49.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
},
{
"lang": "es",
"value": "Caducidad de sesi\u00f3n insuficiente en el repositorio de GitHub pkp/pkp-lib anterior a 3.3.0-16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +70,52 @@
"value": "CWE-613"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pkp:pkp_web_application_library:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0-16",
"matchCriteriaId": "620A9B67-F772-49B8-87D8-001DCD83FA6E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-59xx/CVE-2023-5920.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5920",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-11-02T09:15:08.837",
"lastModified": "2023-11-02T12:54:30.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-09T17:59:53.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\n\n"
},
{
"lang": "es",
"value": "Mattermost Desktop para MacOS no utiliza la funcionalidad de entrada de teclado segura proporcionada por macOS, lo que permite que otros procesos lean la entrada del teclado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.1",
"matchCriteriaId": "3C60BC63-A71E-4E6A-B0AD-29F802287757"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-60xx/CVE-2023-6039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-09T15:15:09.133",
"lastModified": "2023-11-09T15:15:09.133",
"vulnStatus": "Received",
"lastModified": "2023-11-09T17:13:29.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

85
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-09T17:00:20.251809+00:00
2023-11-09T19:00:18.993116+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-09T16:55:00.637000+00:00
2023-11-09T18:57:10.740000+00:00
```
### Last Data Feed Release
@ -29,59 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230241
230251
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `10`
* [CVE-2023-40054](CVE-2023/CVE-2023-400xx/CVE-2023-40054.json) (`2023-11-09T15:15:07.910`)
* [CVE-2023-40055](CVE-2023/CVE-2023-400xx/CVE-2023-40055.json) (`2023-11-09T15:15:08.143`)
* [CVE-2023-41137](CVE-2023/CVE-2023-411xx/CVE-2023-41137.json) (`2023-11-09T15:15:08.333`)
* [CVE-2023-41138](CVE-2023/CVE-2023-411xx/CVE-2023-41138.json) (`2023-11-09T15:15:08.550`)
* [CVE-2023-43791](CVE-2023/CVE-2023-437xx/CVE-2023-43791.json) (`2023-11-09T15:15:08.743`)
* [CVE-2023-47368](CVE-2023/CVE-2023-473xx/CVE-2023-47368.json) (`2023-11-09T15:15:08.950`)
* [CVE-2023-47370](CVE-2023/CVE-2023-473xx/CVE-2023-47370.json) (`2023-11-09T15:15:08.997`)
* [CVE-2023-47372](CVE-2023/CVE-2023-473xx/CVE-2023-47372.json) (`2023-11-09T15:15:09.043`)
* [CVE-2023-47373](CVE-2023/CVE-2023-473xx/CVE-2023-47373.json) (`2023-11-09T15:15:09.083`)
* [CVE-2023-6039](CVE-2023/CVE-2023-60xx/CVE-2023-6039.json) (`2023-11-09T15:15:09.133`)
* [CVE-2023-25994](CVE-2023/CVE-2023-259xx/CVE-2023-25994.json) (`2023-11-09T16:15:34.493`)
* [CVE-2023-36688](CVE-2023/CVE-2023-366xx/CVE-2023-36688.json) (`2023-11-09T16:15:34.597`)
* [CVE-2023-46743](CVE-2023/CVE-2023-467xx/CVE-2023-46743.json) (`2023-11-09T16:15:34.683`)
* [CVE-2023-46894](CVE-2023/CVE-2023-468xx/CVE-2023-46894.json) (`2023-11-09T16:15:34.887`)
* [CVE-2023-47110](CVE-2023/CVE-2023-471xx/CVE-2023-47110.json) (`2023-11-09T16:15:34.930`)
* [CVE-2023-45283](CVE-2023/CVE-2023-452xx/CVE-2023-45283.json) (`2023-11-09T17:15:08.757`)
* [CVE-2023-45284](CVE-2023/CVE-2023-452xx/CVE-2023-45284.json) (`2023-11-09T17:15:08.813`)
* [CVE-2023-45884](CVE-2023/CVE-2023-458xx/CVE-2023-45884.json) (`2023-11-09T17:15:08.853`)
* [CVE-2023-45885](CVE-2023/CVE-2023-458xx/CVE-2023-45885.json) (`2023-11-09T17:15:08.903`)
* [CVE-2023-47610](CVE-2023/CVE-2023-476xx/CVE-2023-47610.json) (`2023-11-09T17:15:08.960`)
* [CVE-2023-25975](CVE-2023/CVE-2023-259xx/CVE-2023-25975.json) (`2023-11-09T18:15:07.587`)
* [CVE-2023-31087](CVE-2023/CVE-2023-310xx/CVE-2023-31087.json) (`2023-11-09T18:15:07.690`)
* [CVE-2023-34002](CVE-2023/CVE-2023-340xx/CVE-2023-34002.json) (`2023-11-09T18:15:07.780`)
* [CVE-2023-34386](CVE-2023/CVE-2023-343xx/CVE-2023-34386.json) (`2023-11-09T18:15:07.870`)
* [CVE-2023-46614](CVE-2023/CVE-2023-466xx/CVE-2023-46614.json) (`2023-11-09T18:15:07.967`)
### CVEs modified in the last Commit
Recently modified CVEs: `34`
Recently modified CVEs: `54`
* [CVE-2023-3397](CVE-2023/CVE-2023-33xx/CVE-2023-3397.json) (`2023-11-09T15:09:04.150`)
* [CVE-2023-1193](CVE-2023/CVE-2023-11xx/CVE-2023-1193.json) (`2023-11-09T15:13:51.737`)
* [CVE-2023-20114](CVE-2023/CVE-2023-201xx/CVE-2023-20114.json) (`2023-11-09T15:14:11.093`)
* [CVE-2023-20206](CVE-2023/CVE-2023-202xx/CVE-2023-20206.json) (`2023-11-09T15:22:14.107`)
* [CVE-2023-45344](CVE-2023/CVE-2023-453xx/CVE-2023-45344.json) (`2023-11-09T15:23:59.327`)
* [CVE-2023-1192](CVE-2023/CVE-2023-11xx/CVE-2023-1192.json) (`2023-11-09T15:24:11.003`)
* [CVE-2023-20155](CVE-2023/CVE-2023-201xx/CVE-2023-20155.json) (`2023-11-09T15:36:26.050`)
* [CVE-2023-45323](CVE-2023/CVE-2023-453xx/CVE-2023-45323.json) (`2023-11-09T15:40:37.763`)
* [CVE-2023-45324](CVE-2023/CVE-2023-453xx/CVE-2023-45324.json) (`2023-11-09T15:41:17.147`)
* [CVE-2023-45325](CVE-2023/CVE-2023-453xx/CVE-2023-45325.json) (`2023-11-09T15:41:28.443`)
* [CVE-2023-45326](CVE-2023/CVE-2023-453xx/CVE-2023-45326.json) (`2023-11-09T15:41:42.737`)
* [CVE-2023-45327](CVE-2023/CVE-2023-453xx/CVE-2023-45327.json) (`2023-11-09T15:41:53.263`)
* [CVE-2023-45329](CVE-2023/CVE-2023-453xx/CVE-2023-45329.json) (`2023-11-09T15:42:07.307`)
* [CVE-2023-45330](CVE-2023/CVE-2023-453xx/CVE-2023-45330.json) (`2023-11-09T15:42:20.077`)
* [CVE-2023-45331](CVE-2023/CVE-2023-453xx/CVE-2023-45331.json) (`2023-11-09T15:42:33.977`)
* [CVE-2023-45332](CVE-2023/CVE-2023-453xx/CVE-2023-45332.json) (`2023-11-09T15:42:45.393`)
* [CVE-2023-45333](CVE-2023/CVE-2023-453xx/CVE-2023-45333.json) (`2023-11-09T15:42:55.660`)
* [CVE-2023-45334](CVE-2023/CVE-2023-453xx/CVE-2023-45334.json) (`2023-11-09T15:43:08.167`)
* [CVE-2023-45335](CVE-2023/CVE-2023-453xx/CVE-2023-45335.json) (`2023-11-09T15:43:18.037`)
* [CVE-2023-46448](CVE-2023/CVE-2023-464xx/CVE-2023-46448.json) (`2023-11-09T15:55:49.677`)
* [CVE-2023-35896](CVE-2023/CVE-2023-358xx/CVE-2023-35896.json) (`2023-11-09T15:56:37.183`)
* [CVE-2023-20063](CVE-2023/CVE-2023-200xx/CVE-2023-20063.json) (`2023-11-09T16:35:34.477`)
* [CVE-2023-20048](CVE-2023/CVE-2023-200xx/CVE-2023-20048.json) (`2023-11-09T16:41:58.507`)
* [CVE-2023-4452](CVE-2023/CVE-2023-44xx/CVE-2023-4452.json) (`2023-11-09T16:46:36.617`)
* [CVE-2023-46176](CVE-2023/CVE-2023-461xx/CVE-2023-46176.json) (`2023-11-09T16:55:00.637`)
* [CVE-2023-20220](CVE-2023/CVE-2023-202xx/CVE-2023-20220.json) (`2023-11-09T17:37:10.097`)
* [CVE-2023-5358](CVE-2023/CVE-2023-53xx/CVE-2023-5358.json) (`2023-11-09T17:40:10.643`)
* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-09T17:42:49.327`)
* [CVE-2023-20267](CVE-2023/CVE-2023-202xx/CVE-2023-20267.json) (`2023-11-09T17:45:47.757`)
* [CVE-2023-20255](CVE-2023/CVE-2023-202xx/CVE-2023-20255.json) (`2023-11-09T17:46:11.677`)
* [CVE-2023-38473](CVE-2023/CVE-2023-384xx/CVE-2023-38473.json) (`2023-11-09T17:46:40.643`)
* [CVE-2023-46925](CVE-2023/CVE-2023-469xx/CVE-2023-46925.json) (`2023-11-09T17:46:52.517`)
* [CVE-2023-5875](CVE-2023/CVE-2023-58xx/CVE-2023-5875.json) (`2023-11-09T17:46:53.457`)
* [CVE-2023-5606](CVE-2023/CVE-2023-56xx/CVE-2023-5606.json) (`2023-11-09T17:47:16.333`)
* [CVE-2023-46595](CVE-2023/CVE-2023-465xx/CVE-2023-46595.json) (`2023-11-09T17:47:58.187`)
* [CVE-2023-47204](CVE-2023/CVE-2023-472xx/CVE-2023-47204.json) (`2023-11-09T17:48:32.863`)
* [CVE-2023-5876](CVE-2023/CVE-2023-58xx/CVE-2023-5876.json) (`2023-11-09T17:52:34.940`)
* [CVE-2023-20247](CVE-2023/CVE-2023-202xx/CVE-2023-20247.json) (`2023-11-09T17:54:06.680`)
* [CVE-2023-46695](CVE-2023/CVE-2023-466xx/CVE-2023-46695.json) (`2023-11-09T17:58:25.887`)
* [CVE-2023-5408](CVE-2023/CVE-2023-54xx/CVE-2023-5408.json) (`2023-11-09T17:59:18.423`)
* [CVE-2023-5920](CVE-2023/CVE-2023-59xx/CVE-2023-5920.json) (`2023-11-09T17:59:53.997`)
* [CVE-2023-20083](CVE-2023/CVE-2023-200xx/CVE-2023-20083.json) (`2023-11-09T18:03:03.147`)
* [CVE-2023-46327](CVE-2023/CVE-2023-463xx/CVE-2023-46327.json) (`2023-11-09T18:16:27.147`)
* [CVE-2023-20170](CVE-2023/CVE-2023-201xx/CVE-2023-20170.json) (`2023-11-09T18:22:51.403`)
* [CVE-2023-20071](CVE-2023/CVE-2023-200xx/CVE-2023-20071.json) (`2023-11-09T18:30:30.590`)
* [CVE-2023-5889](CVE-2023/CVE-2023-58xx/CVE-2023-5889.json) (`2023-11-09T18:31:49.260`)
* [CVE-2023-42802](CVE-2023/CVE-2023-428xx/CVE-2023-42802.json) (`2023-11-09T18:39:13.100`)
* [CVE-2023-29047](CVE-2023/CVE-2023-290xx/CVE-2023-29047.json) (`2023-11-09T18:40:13.127`)
* [CVE-2023-20246](CVE-2023/CVE-2023-202xx/CVE-2023-20246.json) (`2023-11-09T18:47:31.197`)
* [CVE-2023-20196](CVE-2023/CVE-2023-201xx/CVE-2023-20196.json) (`2023-11-09T18:57:10.740`)
## Download and Usage