admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-06T16:00:29.997318+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-06 16:00:33 +00:00
parent fa6f9170fd
commit 3c142a076f
174 changed files with 6397 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
CVE-2020/CVE-2020-184xx/CVE-2020-18404.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-18404",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T21:15:15.650",
"lastModified": "2023-06-28T12:34:43.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T15:00:11.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ecisp:espcms:p8.18101601:*:*:*:*:*:*:*",
"matchCriteriaId": "41ABBD9C-66DC-4026-84F7-A40BE70CEFB2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/source-hunter/espcms/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

64
CVE-2020/CVE-2020-184xx/CVE-2020-18409.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-18409",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T21:15:15.717",
"lastModified": "2023-06-28T12:34:43.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T14:59:47.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se ha descubierto una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en CatfishCMS v4.8.63 que permite a los atacantes obtener permisos de administrador a trav\u00e9s de \"/index.php/admin/index/modifymanage.html\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:catfishcms_project:catfishcms:4.8.63:*:*:*:*:*:*:*",
"matchCriteriaId": "1C331B33-5156-440D-ACD2-C0A5270A4799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwlrbh/Catfish/issues/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

20
CVE-2020/CVE-2020-218xx/CVE-2020-21861.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-21861",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T14:15:10.020",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/annyshow/DuxCMS2.1/issues/I182Y4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-218xx/CVE-2020-21862.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-21862",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T14:15:10.080",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/annyshow/DuxCMS2.1/issues/I182Z5",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-223xx/CVE-2020-22336.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-22336",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T14:15:10.127",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function."
}
],
"metrics": {},
"references": [
{
"url": "https://sourceforge.net/p/pdfcrack/bugs/12/",
"source": "cve@mitre.org"
}
]
}

22
CVE-2020/CVE-2020-224xx/CVE-2020-22403.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-22403",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-12T22:15:07.597",
"lastModified": "2021-09-16T13:10:26.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T14:15:10.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The express-cart package through 1.1.10 for Node.js allows CSRF."
"value": "Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts."
},
{
"lang": "es",
@ -95,20 +95,8 @@
],
"references": [
{
"url": "https://hackerone.com/reports/395944",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20210909-0004/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
"url": "https://github.com/mrvautin/expressCart/issues/120",
"source": "cve@mitre.org"
}
]
}

66
CVE-2021/CVE-2021-258xx/CVE-2021-25828.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2021-25828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.453",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T15:21:23.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.0.50",
"matchCriteriaId": "8428649E-160E-487E-A8F3-3D8F28AA0200"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MediaBrowser/Emby/issues/3785",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

14
CVE-2021/CVE-2021-400xx/CVE-2021-40014.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-40014",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-01-10T14:10:21.463",
"lastModified": "2022-01-13T02:50:23.927",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T14:15:10.297",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality."
"value": "The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.\n\n"
},
{
"lang": "es",
@ -94,12 +94,20 @@
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331",
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858",
"source": "psirt@huawei.com"
}
]
}

24
CVE-2021/CVE-2021-400xx/CVE-2021-40027.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-40027",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-01-10T14:10:21.810",
"lastModified": "2022-01-13T14:30:36.290",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T14:15:10.380",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality."
"value": "The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.\n\n"
},
{
"lang": "es",
@ -73,6 +73,16 @@
"value": "CWE-119"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
@ -94,12 +104,20 @@
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331",
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858",
"source": "psirt@huawei.com"
}
]
}

14
CVE-2021/CVE-2021-400xx/CVE-2021-40032.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-40032",
"sourceIdentifier": "psirt@huawei.com",
"published": "2022-01-10T14:10:22.200",
"lastModified": "2022-01-13T15:27:31.957",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T14:15:10.450",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality."
"value": "The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.\n\n"
},
{
"lang": "es",
@ -94,12 +94,20 @@
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331",
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858",
"source": "psirt@huawei.com"
}
]
}

4
CVE-2021/CVE-2021-468xx/CVE-2021-46892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46892",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:09.910",
"lastModified": "2023-07-06T13:15:09.910",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2021/CVE-2021-468xx/CVE-2021-46894.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46894",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:09.967",
"lastModified": "2023-07-06T13:15:09.967",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2021/CVE-2021-468xx/CVE-2021-46896.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46896",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T14:15:10.517",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/PX4/PX4-Autopilot/issues/18369",
"source": "cve@mitre.org"
}
]
}

12
CVE-2022/CVE-2022-219xx/CVE-2022-21947.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-21947",
"sourceIdentifier": "meissner@suse.de",
"published": "2022-04-01T07:15:07.407",
"lastModified": "2023-06-27T19:01:22.790",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T15:15:10.207",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V."
"value": "A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V."
},
{
"lang": "es",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "meissner@suse.de",
"type": "Primary",
"description": [
{
@ -95,12 +95,12 @@
]
},
{
"source": "meissner@suse.de",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-668"
}
]
}

12
CVE-2022/CVE-2022-21xx/CVE-2022-2134.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-2134",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-06-20T15:15:13.497",
"lastModified": "2023-06-27T18:58:56.730",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T15:15:10.367",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in GitHub repository inventree/inventree prior to 0.8.0."
"value": "Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0."
},
{
"lang": "es",
@ -87,7 +87,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@ -97,12 +97,12 @@
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-770"
}
]
}

10
CVE-2022/CVE-2022-23xx/CVE-2022-2353.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-2353",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-07-09T09:15:08.727",
"lastModified": "2023-06-27T18:30:38.900",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T15:15:10.477",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -87,7 +87,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@ -97,12 +97,12 @@
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
"value": "CWE-352"
}
]
}

14
CVE-2022/CVE-2022-423xx/CVE-2022-42344.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42344",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-10-20T17:15:10.723",
"lastModified": "2022-10-21T19:02:56.430",
"lastModified": "2023-07-06T14:37:45.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -40,8 +40,18 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",

69
CVE-2022/CVE-2022-424xx/CVE-2022-42439.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42439",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-02-06T21:15:09.200",
"lastModified": "2023-02-17T17:15:11.213",
"vulnStatus": "Modified",
"lastModified": "2023-07-06T14:37:53.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,22 +56,22 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-532"
}
]
},
{
"source": "nvd@nist.gov",
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-200"
}
]
}
@ -125,6 +125,58 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BF8AF2-0047-4E43-AEDF-0D4D54446876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "37215CD7-7390-4BCD-AA3A-E1B233875147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "B9B1A13B-7F98-44A6-9933-A0052E93D7F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9816F05C-8D57-48AD-9E64-907CDB24D612"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7B481C-86B1-44B0-AB68-48C1739B0DB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA125F0-42C5-40E2-A63D-FDE0444A7D32"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF"
}
]
}
]
}
],
"references": [
@ -138,7 +190,10 @@
},
{
"url": "https://www.ibm.com/support/pages/node/6952435",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-424xx/CVE-2022-42460.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42460",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-11-10T22:15:15.673",
"lastModified": "2022-11-15T19:57:16.180",
"lastModified": "2023-07-06T14:42:13.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-79"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-424xx/CVE-2022-42461.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42461",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-11-18T20:15:09.827",
"lastModified": "2022-11-21T17:05:54.553",
"lastModified": "2023-07-06T14:42:16.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-42xx/CVE-2022-4224.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4224",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-03-23T12:15:12.990",
"lastModified": "2023-03-30T19:37:12.143",
"lastModified": "2023-07-06T14:37:16.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-1188"
}
]
},

8
CVE-2022/CVE-2022-42xx/CVE-2022-4228.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4228",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-11-30T12:15:10.140",
"lastModified": "2023-02-01T15:35:56.833",
"lastModified": "2023-07-06T14:37:29.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -83,17 +83,17 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-306"
}
]
},
{
"source": "nvd@nist.gov",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{

14
CVE-2022/CVE-2022-434xx/CVE-2022-43410.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43410",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.660",
"lastModified": "2022-11-03T17:43:21.713",
"lastModified": "2023-07-06T14:42:01.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -40,8 +40,18 @@
},
"weaknesses": [
{
"source": "jenkinsci-cert@googlegroups.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "jenkinsci-cert@googlegroups.com",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2022/CVE-2022-434xx/CVE-2022-43494.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43494",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-01-18T00:15:12.090",
"lastModified": "2023-01-25T16:38:05.613",
"lastModified": "2023-07-06T14:46:54.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-435xx/CVE-2022-43563.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43563",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2022-11-04T23:15:09.887",
"lastModified": "2022-11-08T14:46:50.527",
"lastModified": "2023-07-06T14:46:58.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-435xx/CVE-2022-43565.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43565",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2022-11-04T23:15:10.023",
"lastModified": "2022-11-08T13:53:01.917",
"lastModified": "2023-07-06T14:47:10.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-435xx/CVE-2022-43567.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43567",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2022-11-04T23:15:10.147",
"lastModified": "2022-11-08T20:21:50.327",
"lastModified": "2023-07-06T14:47:14.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-502"
}
]
},

4
CVE-2022/CVE-2022-436xx/CVE-2022-43663.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43663",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-03-20T21:15:10.533",
"lastModified": "2023-03-23T19:23:12.697",
"lastModified": "2023-07-06T14:40:23.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-704"
"value": "CWE-681"
}
]
},

14
CVE-2022/CVE-2022-43xx/CVE-2022-4312.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4312",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-12-12T18:15:13.393",
"lastModified": "2022-12-15T16:28:27.670",
"lastModified": "2023-07-06T14:42:05.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2022/CVE-2022-43xx/CVE-2022-4364.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4364",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-08T15:15:10.080",
"lastModified": "2022-12-12T18:28:15.260",
"lastModified": "2023-07-06T14:47:17.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",

12
CVE-2022/CVE-2022-43xx/CVE-2022-4366.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-4366",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-12-08T19:15:10.157",
"lastModified": "2023-06-27T13:19:39.043",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-06T15:15:10.590",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch."
"value": "Missing Authorization in GitHub repository lirantal/daloradius prior to master branch."
}
],
"metrics": {
@ -58,7 +58,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@ -68,12 +68,12 @@
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-497"
"value": "CWE-862"
}
]
}

4
CVE-2022/CVE-2022-447xx/CVE-2022-44732.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44732",
"sourceIdentifier": "security@acronis.com",
"published": "2022-11-07T19:15:10.117",
"lastModified": "2022-11-08T14:08:29.040",
"lastModified": "2023-07-06T14:47:02.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -63,7 +63,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-732"
}
]
},

4
CVE-2022/CVE-2022-44xx/CVE-2022-4427.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4427",
"sourceIdentifier": "security@otrs.com",
"published": "2022-12-19T09:15:09.707",
"lastModified": "2022-12-28T19:27:01.427",
"lastModified": "2023-07-06T14:42:09.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-89"
}
]
},

5
CVE-2022/CVE-2022-44xx/CVE-2022-4498.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4498",
"sourceIdentifier": "cret@cert.org",
"published": "2023-01-11T21:15:10.213",
"lastModified": "2023-01-19T19:10:56.600",
"lastModified": "2023-07-06T14:46:42.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-120"
"value": "CWE-787"
}
]
},
@ -118,6 +118,7 @@
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
]
}

4
CVE-2022/CVE-2022-485xx/CVE-2022-48507.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48507",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.033",
"lastModified": "2023-07-06T13:15:10.033",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48508.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48508",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.087",
"lastModified": "2023-07-06T13:15:10.087",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48509",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.133",
"lastModified": "2023-07-06T13:15:10.133",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48510.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48510",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.187",
"lastModified": "2023-07-06T13:15:10.187",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48511.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48511",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.233",
"lastModified": "2023-07-06T13:15:10.233",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48512.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48512",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.280",
"lastModified": "2023-07-06T13:15:10.280",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48513.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48513",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.330",
"lastModified": "2023-07-06T13:15:10.330",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48514.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48514",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.377",
"lastModified": "2023-07-06T13:15:10.377",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48515.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48515",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.427",
"lastModified": "2023-07-06T13:15:10.427",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48516.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48516",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.477",
"lastModified": "2023-07-06T13:15:10.477",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48517.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48517",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.517",
"lastModified": "2023-07-06T13:15:10.517",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48518.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48518",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.563",
"lastModified": "2023-07-06T13:15:10.563",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48519.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48519",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.610",
"lastModified": "2023-07-06T13:15:10.610",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:22.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48520.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48520",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.660",
"lastModified": "2023-07-06T13:15:10.660",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-16xx/CVE-2023-1691.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1691",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.710",
"lastModified": "2023-07-06T13:15:10.710",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-16xx/CVE-2023-1695.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1695",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-07-06T13:15:10.757",
"lastModified": "2023-07-06T13:15:10.757",
"vulnStatus": "Received",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-222xx/CVE-2023-22299.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22299",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.713",
"lastModified": "2023-07-06T15:16:38.363",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1712",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-223xx/CVE-2023-22306.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22306",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.823",
"lastModified": "2023-07-06T15:16:38.363",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1698",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-223xx/CVE-2023-22319.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22319",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.897",
"lastModified": "2023-07-06T15:16:38.363",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1701",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-223xx/CVE-2023-22365.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22365",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.973",
"lastModified": "2023-07-06T15:16:38.363",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1711",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-223xx/CVE-2023-22371.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22371",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.050",
"lastModified": "2023-07-06T15:16:38.363",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1703",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22653.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22653",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.130",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1714",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22659.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22659",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.200",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1699",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-228xx/CVE-2023-22844.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22844",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.270",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700",
"source": "talos-cna@cisco.com"
}
]
}

71
CVE-2023/CVE-2023-22xx/CVE-2023-2232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2232",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-06-28T21:15:09.707",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T15:36:20.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -34,18 +54,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.10",
"versionEndExcluding": "16.1",
"matchCriteriaId": "F23C98C0-1171-4509-99AB-3D7C6589CE2D"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2232.json",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408352",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/1934802",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23546.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23546",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.343",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1705",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23547.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23547",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.427",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1695",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23550.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23550",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.497",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1694",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-235xx/CVE-2023-23571.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23571",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.567",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-239xx/CVE-2023-23902.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23902",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.647",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1697",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-239xx/CVE-2023-23907.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23907",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.723",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1702",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-240xx/CVE-2023-24018.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24018",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.797",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-240xx/CVE-2023-24019.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24019",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.867",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1718",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-244xx/CVE-2023-24496.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24496",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:11.953",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-244xx/CVE-2023-24497.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24497",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.037",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24519.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24519",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.107",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1706",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24520.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24520",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.180",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1706",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24582.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24582",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.250",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1710",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24583.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24583",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.327",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1710",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24595.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24595",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.397",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1713",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25081.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25081",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.470",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25082.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25082",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.540",
"lastModified": "2023-07-06T15:16:32.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25083.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25083",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.610",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25084.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25084",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.680",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25085.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25085",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.757",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25086.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25086",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.827",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25087.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25087",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.897",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25088.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25088",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:12.967",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25089.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25089",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.043",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25090.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25090",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.117",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25091.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25091",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.187",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25092.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25092",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.257",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25093.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25093",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.333",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable.."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25094.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25094",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.423",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25095.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25095",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.493",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25096.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25096",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.563",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25097.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25097",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.637",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25098.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25098",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.707",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25099.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25099",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.783",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25100.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25100",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.857",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25101.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25101",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.923",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25102.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25102",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:13.993",
"lastModified": "2023-07-06T15:16:27.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25103.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25103",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:14.060",
"lastModified": "2023-07-06T15:16:23.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25104.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25104",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:14.127",
"lastModified": "2023-07-06T15:16:23.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25105.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25105",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:14.197",
"lastModified": "2023-07-06T15:16:23.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-251xx/CVE-2023-25106.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25106",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:14.267",
"lastModified": "2023-07-06T15:16:23.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716",
"source": "talos-cna@cisco.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More