admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-19T20:00:24.755970+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-19 20:00:28 +00:00
parent aa5cee83c8
commit 3f537c4525
25 changed files with 1274 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2020/CVE-2020-119xx/CVE-2020-11978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-11978", "id": "CVE-2020-11978",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2020-07-17T00:15:10.337", "published": "2020-07-17T00:15:10.337",
"lastModified": "2022-07-12T17:42:04.277", "lastModified": "2023-09-19T18:15:16.607",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cisaExploitAdd": "2022-01-18", "cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-07-18", "cisaActionDue": "2022-07-18",
"cisaRequiredAction": "Apply updates per vendor instructions.", "cisaRequiredAction": "Apply updates per vendor instructions.",
@ -107,6 +107,10 @@
"VDB Entry" "VDB Entry"
] ]
}, },
{
"url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html",
"source": "security@apache.org"
},
{ {
"url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",

8
CVE-2020/CVE-2020-139xx/CVE-2020-13927.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-13927", "id": "CVE-2020-13927",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2020-11-10T16:15:11.807", "published": "2020-11-10T16:15:11.807",
"lastModified": "2022-07-12T17:42:04.277", "lastModified": "2023-09-19T18:15:16.797",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cisaExploitAdd": "2022-01-18", "cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-07-18", "cisaActionDue": "2022-07-18",
"cisaRequiredAction": "Apply updates per vendor instructions.", "cisaRequiredAction": "Apply updates per vendor instructions.",
@ -107,6 +107,10 @@
"VDB Entry" "VDB Entry"
] ]
}, },
{
"url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html",
"source": "security@apache.org"
},
{ {
"url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", "url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",

8
CVE-2023/CVE-2023-225xx/CVE-2023-22513.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22513", "id": "CVE-2023-22513",
"sourceIdentifier": "security@atlassian.com", "sourceIdentifier": "security@atlassian.com",
"published": "2023-09-19T17:15:08.017", "published": "2023-09-19T17:15:08.017",
"lastModified": "2023-09-19T17:57:31.250", "lastModified": "2023-09-19T19:15:51.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes ([https://confluence.atlassian.com/bitbucketserver/release-notes]). You can download the latest version of Bitbucket Data Center and Server from the download center ([https://www.atlassian.com/software/bitbucket/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program" "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program"
},
{
"lang": "es",
"value": "Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de Alta gravedad se introdujo en la versi\u00f3n 8.0.0 de Bitbucket Data Center and Server. Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 8,5, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Bitbucket Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: Bitbucket Data Center y Server 8.9: actualice a una versi\u00f3n superior o igual a 8.9.5 Bitbucket Data Center y Server 8.10: actualice a una versi\u00f3n mayor o igual a 8.10.5 Bitbucket Data Center y Server 8.11: actualice a una versi\u00f3n mayor o igual a 8.11.4 Bitbucket Data Center y Server 8.12: actualice a una versi\u00f3n mayor o igual a 8.12.2 Bitbucket Data Center y Server 8.13: actualice a una versi\u00f3n mayor o igual a 8.13.1 Bitbucket Data Center y Server 8.14: actualice a una versi\u00f3n mayor o igual a 8.14.0 Bitbucket Data Versi\u00f3n de Center y Server &gt;= 8.0 y &lt; 8.9: actualice a cualquiera de las versiones de correcci\u00f3n enumeradas. Consulte las notas de la versi\u00f3n ([https://confluence.atlassian.com/bitbucketserver/release-notes]). Puede descargar la \u00faltima versi\u00f3n de Bitbucket Data Center and Server desde el centro de descargas ([https://www.atlassian.com/software/bitbucket/download-archives]). Esta vulnerabilidad fue descubierta por un usuario privado y reportada a trav\u00e9s de nuestro programa Bug Bounty."
} }
], ],
"metrics": { "metrics": {

8
CVE-2023/CVE-2023-260xx/CVE-2023-26067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26067", "id": "CVE-2023-26067",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-10T20:15:10.387", "published": "2023-04-10T20:15:10.387",
"lastModified": "2023-05-08T20:13:53.287", "lastModified": "2023-09-19T18:15:16.977",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -1401,6 +1401,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf", "url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf",
"source": "cve@mitre.org", "source": "cve@mitre.org",

8
CVE-2023/CVE-2023-260xx/CVE-2023-26068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26068", "id": "CVE-2023-26068",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-10T20:15:10.483", "published": "2023-04-10T20:15:10.483",
"lastModified": "2023-05-08T20:13:40.727", "lastModified": "2023-09-19T18:15:17.397",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -1371,6 +1371,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf", "url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf",
"source": "cve@mitre.org", "source": "cve@mitre.org",

75
CVE-2023/CVE-2023-294xx/CVE-2023-29499.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-29499", "id": "CVE-2023-29499",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T20:15:09.420", "published": "2023-09-14T20:15:09.420",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:53:27.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service." "value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant no logra validar que la entrada se ajuste al formato esperado, lo que lleva a la denegaci\u00f3n de servicio."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +58,59 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.74.4",
"matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-29499", "url": "https://access.redhat.com/security/cve/CVE-2023-29499",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }

67
CVE-2023/CVE-2023-326xx/CVE-2023-32636.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32636", "id": "CVE-2023-32636",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T20:15:09.653", "published": "2023-09-14T20:15:09.653",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:59:27.957",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499." "value": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en glib, donde el c\u00f3digo de deserializaci\u00f3n gvariant es vulnerable a una denegaci\u00f3n de servicio introducida por una validaci\u00f3n de entrada adicional agregada para resolver CVE-2023-29499. La validaci\u00f3n de la tabla de desplazamiento puede ser muy lenta. Este error no afecta a ninguna versi\u00f3n publicada de glib, pero s\u00ed afecta a los distribuidores de glib que siguieron las instrucciones de los desarrolladores de glib para respaldar la soluci\u00f3n inicial para CVE-2023-29499."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +80,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.74.4",
"matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", "url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

84
CVE-2023/CVE-2023-37xx/CVE-2023-3712.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3712", "id": "CVE-2023-3712",
"sourceIdentifier": "psirt@honeywell.com", "sourceIdentifier": "psirt@honeywell.com",
"published": "2023-09-12T20:15:09.787", "published": "2023-09-12T20:15:09.787",
"lastModified": "2023-09-12T20:41:39.640", "lastModified": "2023-09-19T19:58:56.997",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" "value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Archivos o Directorios Accesibles a Partes Externas en Honeywell PM43 en 32 bits, ARM (M\u00f3dulos de p\u00e1gina web de impresora) permite la escalada de privilegios. Este problema afecta a las versiones de PM43 anteriores a P10.19.050004. Actualice a la \u00faltima versi\u00f3n de firmware disponible de las respectivas impresoras a la versi\u00f3n MR19.5 (por ejemplo, P10.19.050006)."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "psirt@honeywell.com", "source": "psirt@honeywell.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{ {
"source": "psirt@honeywell.com", "source": "psirt@honeywell.com",
"type": "Secondary", "type": "Secondary",
@ -46,18 +80,58 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "p10.19.050004",
"matchCriteriaId": "A8838609-3252-452F-A122-F454379006BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:honeywell:pm43:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "C5F24450-6D4D-4F32-A2E3-E06EA0466CD7"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004",
"source": "psirt@honeywell.com" "source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A",
"source": "psirt@honeywell.com" "source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://www.honeywell.com/us/en/product-security", "url": "https://www.honeywell.com/us/en/product-security",
"source": "psirt@honeywell.com" "source": "psirt@honeywell.com",
"tags": [
"Not Applicable",
"Product"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-389xx/CVE-2023-38912.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38912", "id": "CVE-2023-38912",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T21:15:10.560", "published": "2023-09-14T21:15:10.560",
"lastModified": "2023-09-18T20:15:09.637", "lastModified": "2023-09-19T19:38:08.673",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,75 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Super Store Finder PHP Script v.3.6 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro de nombre de usuario." "value": "Vulnerabilidad de inyecci\u00f3n SQL en Super Store Finder PHP Script v.3.6 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro de nombre de usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:superstorefinder:php_script:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5FA0BF-84F6-438B-93AA-E7CC8B77FD7A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://codecanyon.net/item/super-store-finder/3630922", "url": "https://codecanyon.net/item/super-store-finder/3630922",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://packetstormsecurity.com/files/173302/Super-Store-Finder-PHP-Script-3.6-SQL-Injection.html", "url": "https://packetstormsecurity.com/files/173302/Super-Store-Finder-PHP-Script-3.6-SQL-Injection.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

68
CVE-2023/CVE-2023-392xx/CVE-2023-39285.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-39285", "id": "CVE-2023-39285",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T19:16:50.847", "published": "2023-09-14T19:16:50.847",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:00:45.343",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings." "value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Edge Gateway de Mitel MiVoice Connect hasta 19.3 SP3 (22.24.5800.0) podr\u00eda permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validaci\u00f3n de la solicitud insuficiente. Un exploit exitoso podr\u00eda permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitir\u00eda modificar la configuraci\u00f3n del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.24.7100.0",
"matchCriteriaId": "831DFDAA-0551-40E4-8E36-85840CA972B7"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

68
CVE-2023/CVE-2023-392xx/CVE-2023-39286.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-39286", "id": "CVE-2023-39286",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T19:16:50.907", "published": "2023-09-14T19:16:50.907",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:04:08.670",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings." "value": "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Connect Mobility Router de Mitel MiVoice Connect hasta 9.6.2304.102 podr\u00eda permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validaci\u00f3n de la solicitud insuficiente. Un exploit exitoso podr\u00eda permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitir\u00eda modificar la configuraci\u00f3n del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:connect_mobility_router:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.6.2307.111",
"matchCriteriaId": "95732356-9292-4D88-9346-28F4328919ED"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

84
CVE-2023/CVE-2023-409xx/CVE-2023-40955.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40955", "id": "CVE-2023-40955",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.743", "published": "2023-09-15T00:15:07.743",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T19:19:05.487",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component." "value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Didotech srl Engineering &amp; Lifecycle Management (tambi\u00e9n conocido como pdm) v.14.0, v.15.0 y v.16.0 corregida en pdm-14.0.1.0.0, pdm-15.0.1.0.0 y pdm-16.0.1.0 .0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro select en el componente models/base_client.py."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.0.1.0.0",
"matchCriteriaId": "5C12E004-C78B-4663-98B4-C1F4130B4CFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.0.1.0.0",
"matchCriteriaId": "B9A5E9AD-8B3E-487C-BDA7-DB5A8BE41C55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.0.1.0.0",
"matchCriteriaId": "5D7E90B5-268E-49F8-A74A-E9EE754E5467"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/2", "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/2",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

68
CVE-2023/CVE-2023-409xx/CVE-2023-40956.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-40956", "id": "CVE-2023-40956",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.800", "published": "2023-09-15T00:15:07.800",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T19:19:23.003",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component." "value": "A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Cloudroits Website Job Search v.15.0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro nombre en el componente controllers/main.py."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudroits:wesite_job_search:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F85EB4F-FE53-4B49-8CE9-A811554AE10D"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search", "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2023/CVE-2023-409xx/CVE-2023-40957.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40957", "id": "CVE-2023-40957",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.853", "published": "2023-09-15T00:15:07.853",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:28:38.510",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component." "value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Didotech srl Engineering &amp; Lifecycle Management (tambi\u00e9n conocido como pdm) v.14.0, v.15.0 y v.16.0 corregida en pdm-14.0.1.0.0, pdm-15.0.1.0.0 y pdm-16.0.1.0 .0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de solicitud en el componente models/base_client.py."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.0.1.0.0",
"matchCriteriaId": "5C12E004-C78B-4663-98B4-C1F4130B4CFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.0.1.0.0",
"matchCriteriaId": "B9A5E9AD-8B3E-487C-BDA7-DB5A8BE41C55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.0.1.0.0",
"matchCriteriaId": "5D7E90B5-268E-49F8-A74A-E9EE754E5467"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/3", "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/3",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2023/CVE-2023-409xx/CVE-2023-40958.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40958", "id": "CVE-2023-40958",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.907", "published": "2023-09-15T00:15:07.907",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:28:54.250",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component." "value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Didotech srl Engineering &amp; Lifecycle Management (tambi\u00e9n conocido como pdm) v.14.0, v.15.0 y v.16.0 corregida en pdm-14.0.1.0.0, pdm-15.0.1.0.0 y pdm-16.0.1.0 .0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de consulta en el componente models/base_client.py."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.0.1.0.0",
"matchCriteriaId": "5C12E004-C78B-4663-98B4-C1F4130B4CFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.0.1.0.0",
"matchCriteriaId": "B9A5E9AD-8B3E-487C-BDA7-DB5A8BE41C55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.0.1.0.0",
"matchCriteriaId": "5D7E90B5-268E-49F8-A74A-E9EE754E5467"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/1", "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

80
CVE-2023/CVE-2023-410xx/CVE-2023-41011.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-41011", "id": "CVE-2023-41011",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T19:16:50.960", "published": "2023-09-14T19:16:50.960",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:17:34.377",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component." "value": "Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Ejecuci\u00f3n de Comandos en China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente short_telnet.cg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:chinamobile:intelligent_home_gateway_firmware:hg6543c4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2533ED-388E-43E7-BF0B-E6BB76790671"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:chinamobile:intelligent_home_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB451CE-0E86-4524-8FF5-C0A3F9FAB9A2"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4", "url": "https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2023/CVE-2023-411xx/CVE-2023-41160.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-41160", "id": "CVE-2023-41160",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T21:15:10.750", "published": "2023-09-14T21:15:10.750",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:23:34.110",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key." "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la pesta\u00f1a de configuraci\u00f3n SSH en Usermin 2.001 permite a los atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del campo de nombre de clave mientras agregan una clave autorizada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:usermin:2.001:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE9B3CB-9D26-492D-9584-317C5BE061EE"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41160", "url": "https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41160",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://webmin.com/tags/webmin-changelog/", "url": "https://webmin.com/tags/webmin-changelog/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
} }
] ]
} }

80
CVE-2023/CVE-2023-415xx/CVE-2023-41592.json
View File

@ -2,27 +2,95 @@
"id": "CVE-2023-41592", "id": "CVE-2023-41592",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T23:15:08.210", "published": "2023-09-14T23:15:08.210",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T19:20:55.553",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability." "value": "Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Froala Editor v4.0.1 a v4.1.1 contiene una vulnerabilidad de cross-site scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:froala:froala_editor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.1",
"versionEndIncluding": "4.1.1",
"matchCriteriaId": "F425DEFF-C906-48D5-9E5B-DA167D35E0C3"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://hacker.soarescorp.com/cve/2023-41592/", "url": "https://hacker.soarescorp.com/cve/2023-41592/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://owasp.org/Top10/A03_2021-Injection/", "url": "https://owasp.org/Top10/A03_2021-Injection/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://owasp.org/www-project-top-ten/", "url": "https://owasp.org/www-project-top-ten/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

67
CVE-2023/CVE-2023-423xx/CVE-2023-42362.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-42362", "id": "CVE-2023-42362",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T21:15:10.833", "published": "2023-09-14T21:15:10.833",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T19:34:03.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file." "value": "An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitraria en Teller Web App v.4.4.0 permite a un atacante remoto ejecutar comandos arbitrarios y obtener informaci\u00f3n confidencial cargando un archivo manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:teller:teller:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97F096CD-4B11-4722-82CD-093BE751EB6E"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/Mr-n0b3dy/CVE-2023-42362", "url": "https://github.com/Mr-n0b3dy/CVE-2023-42362",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

77
CVE-2023/CVE-2023-46xx/CVE-2023-4669.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2023-4669", "id": "CVE-2023-4669",
"sourceIdentifier": "cve@usom.gov.tr", "sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-14T19:16:51.013", "published": "2023-09-14T19:16:51.013",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:32:49.497",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0.\n\n" "value": "** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0.\n\n"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La omisi\u00f3n de autenticaci\u00f3n mediante una vulnerabilidad de datos supuestamente inmutables en Exagate SYSGuard 3001 permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a SYSGuard 3001: versiones anteriores a 3.2.20.0."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cve@usom.gov.tr", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,13 +35,43 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "cve@usom.gov.tr", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,10 +80,43 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:exagate:sysguard_3001_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.20.0",
"matchCriteriaId": "1FECDDA7-F79C-41B6-BC49-E403FEFAD243"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:exagate:sysguard_3001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DED9517-3757-4799-ADAC-DFD2FAF27EAD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.usom.gov.tr/bildirim/tr-23-0525", "url": "https://www.usom.gov.tr/bildirim/tr-23-0525",
"source": "cve@usom.gov.tr" "source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

31
CVE-2023/CVE-2023-46xx/CVE-2023-4676.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4676", "id": "CVE-2023-4676",
"sourceIdentifier": "cve@usom.gov.tr", "sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-14T20:15:11.923", "published": "2023-09-14T20:15:11.923",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:45:20.783",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.This issue affects MedasPro: before 28.\n\n" "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.This issue affects MedasPro: before 28.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Yordam MedasPro permite XSS reflejado. Este problema afecta a MedasPro: antes de 28."
} }
], ],
"metrics": { "metrics": {
@ -46,10 +50,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yordam:medaspro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28",
"matchCriteriaId": "439C527B-B9BC-4E28-AA91-6B7095E39651"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.usom.gov.tr/bildirim/tr-23-0527", "url": "https://www.usom.gov.tr/bildirim/tr-23-0527",
"source": "cve@usom.gov.tr" "source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

65
CVE-2023/CVE-2023-47xx/CVE-2023-4702.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-4702", "id": "CVE-2023-4702",
"sourceIdentifier": "cve@usom.gov.tr", "sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-14T20:15:12.373", "published": "2023-09-14T20:15:12.373",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:38:11.833",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.\n\n" "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n usando un Canal o Ruta Alternativa en Yepas Digital Yepas permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a Digital Yepas: anteriores a 1.0.1."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cve@usom.gov.tr", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
@ -36,8 +60,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "cve@usom.gov.tr", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yepas:digital_yepas:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.1",
"matchCriteriaId": "5BE3506D-F955-4B85-B23E-F1D9B9669955"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.usom.gov.tr/bildirim/tr-23-0526", "url": "https://www.usom.gov.tr/bildirim/tr-23-0526",
"source": "cve@usom.gov.tr" "source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

65
CVE-2023/CVE-2023-49xx/CVE-2023-4965.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-4965", "id": "CVE-2023-4965",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-14T20:15:12.880", "published": "2023-09-14T20:15:12.880",
"lastModified": "2023-09-15T00:31:20.767", "lastModified": "2023-09-19T18:40:16.173",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732." "value": "A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en phpipam 1.5.1. Ha sido calificado como problem\u00e1tico. Una funci\u00f3n desconocida del componente Header Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento X-Forwarded-Host conduce a una redirecci\u00f3n abierta. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-239732."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,18 +97,47 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpipam:phpipam:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44568465-4A70-496E-A435-AC8928B323E5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md", "url": "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.239732", "url": "https://vuldb.com/?ctiid.239732",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.239732", "url": "https://vuldb.com/?id.239732",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
} }
] ]
} }

8
CVE-2023/CVE-2023-49xx/CVE-2023-4987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4987", "id": "CVE-2023-4987",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T15:15:08.273", "published": "2023-09-15T15:15:08.273",
"lastModified": "2023-09-19T15:02:28.477", "lastModified": "2023-09-19T18:15:17.673",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -115,6 +115,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174760/Taskhub-2.8.7-SQL-Injection.html",
"source": "cna@vuldb.com"
},
{ {
"url": "https://vuldb.com/?ctiid.239798", "url": "https://vuldb.com/?ctiid.239798",
"source": "cna@vuldb.com", "source": "cna@vuldb.com",

70
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-09-19T18:00:24.697447+00:00 2023-09-19T20:00:24.755970+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-09-19T17:58:34.500000+00:00 2023-09-19T19:58:56.997000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -34,52 +34,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `13` Recently added CVEs: `0`
* [CVE-2023-32182](CVE-2023/CVE-2023-321xx/CVE-2023-32182.json) (`2023-09-19T16:15:09.347`)
* [CVE-2023-38351](CVE-2023/CVE-2023-383xx/CVE-2023-38351.json) (`2023-09-19T16:15:10.710`)
* [CVE-2023-38352](CVE-2023/CVE-2023-383xx/CVE-2023-38352.json) (`2023-09-19T16:15:11.097`)
* [CVE-2023-38353](CVE-2023/CVE-2023-383xx/CVE-2023-38353.json) (`2023-09-19T16:15:11.427`)
* [CVE-2023-38354](CVE-2023/CVE-2023-383xx/CVE-2023-38354.json) (`2023-09-19T16:15:11.737`)
* [CVE-2023-38355](CVE-2023/CVE-2023-383xx/CVE-2023-38355.json) (`2023-09-19T16:15:12.007`)
* [CVE-2023-38356](CVE-2023/CVE-2023-383xx/CVE-2023-38356.json) (`2023-09-19T16:15:12.363`)
* [CVE-2023-42450](CVE-2023/CVE-2023-424xx/CVE-2023-42450.json) (`2023-09-19T16:15:12.897`)
* [CVE-2023-42451](CVE-2023/CVE-2023-424xx/CVE-2023-42451.json) (`2023-09-19T16:15:13.303`)
* [CVE-2023-42452](CVE-2023/CVE-2023-424xx/CVE-2023-42452.json) (`2023-09-19T16:15:13.630`)
* [CVE-2023-22513](CVE-2023/CVE-2023-225xx/CVE-2023-22513.json) (`2023-09-19T17:15:08.017`)
* [CVE-2023-42793](CVE-2023/CVE-2023-427xx/CVE-2023-42793.json) (`2023-09-19T17:15:08.330`)
* [CVE-2023-43566](CVE-2023/CVE-2023-435xx/CVE-2023-43566.json) (`2023-09-19T17:15:08.463`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `30` Recently modified CVEs: `24`
* [CVE-2023-4314](CVE-2023/CVE-2023-43xx/CVE-2023-4314.json) (`2023-09-19T16:17:56.223`) * [CVE-2020-11978](CVE-2020/CVE-2020-119xx/CVE-2020-11978.json) (`2023-09-19T18:15:16.607`)
* [CVE-2023-4307](CVE-2023/CVE-2023-43xx/CVE-2023-4307.json) (`2023-09-19T16:18:59.537`) * [CVE-2020-13927](CVE-2020/CVE-2020-139xx/CVE-2020-13927.json) (`2023-09-19T18:15:16.797`)
* [CVE-2023-4294](CVE-2023/CVE-2023-42xx/CVE-2023-4294.json) (`2023-09-19T16:19:36.820`) * [CVE-2023-39285](CVE-2023/CVE-2023-392xx/CVE-2023-39285.json) (`2023-09-19T18:00:45.343`)
* [CVE-2023-4278](CVE-2023/CVE-2023-42xx/CVE-2023-4278.json) (`2023-09-19T16:23:14.777`) * [CVE-2023-39286](CVE-2023/CVE-2023-392xx/CVE-2023-39286.json) (`2023-09-19T18:04:08.670`)
* [CVE-2023-41156](CVE-2023/CVE-2023-411xx/CVE-2023-41156.json) (`2023-09-19T16:28:17.837`) * [CVE-2023-26067](CVE-2023/CVE-2023-260xx/CVE-2023-26067.json) (`2023-09-19T18:15:16.977`)
* [CVE-2023-41159](CVE-2023/CVE-2023-411xx/CVE-2023-41159.json) (`2023-09-19T16:52:36.037`) * [CVE-2023-26068](CVE-2023/CVE-2023-260xx/CVE-2023-26068.json) (`2023-09-19T18:15:17.397`)
* [CVE-2023-42180](CVE-2023/CVE-2023-421xx/CVE-2023-42180.json) (`2023-09-19T17:09:40.980`) * [CVE-2023-4987](CVE-2023/CVE-2023-49xx/CVE-2023-4987.json) (`2023-09-19T18:15:17.673`)
* [CVE-2023-36472](CVE-2023/CVE-2023-364xx/CVE-2023-36472.json) (`2023-09-19T17:15:08.173`) * [CVE-2023-41011](CVE-2023/CVE-2023-410xx/CVE-2023-41011.json) (`2023-09-19T18:17:34.377`)
* [CVE-2023-4155](CVE-2023/CVE-2023-41xx/CVE-2023-4155.json) (`2023-09-19T17:18:08.987`) * [CVE-2023-41160](CVE-2023/CVE-2023-411xx/CVE-2023-41160.json) (`2023-09-19T18:23:34.110`)
* [CVE-2023-26141](CVE-2023/CVE-2023-261xx/CVE-2023-26141.json) (`2023-09-19T17:22:21.723`) * [CVE-2023-40957](CVE-2023/CVE-2023-409xx/CVE-2023-40957.json) (`2023-09-19T18:28:38.510`)
* [CVE-2023-38205](CVE-2023/CVE-2023-382xx/CVE-2023-38205.json) (`2023-09-19T17:27:19.593`) * [CVE-2023-40958](CVE-2023/CVE-2023-409xx/CVE-2023-40958.json) (`2023-09-19T18:28:54.250`)
* [CVE-2023-38206](CVE-2023/CVE-2023-382xx/CVE-2023-38206.json) (`2023-09-19T17:43:50.263`) * [CVE-2023-4669](CVE-2023/CVE-2023-46xx/CVE-2023-4669.json) (`2023-09-19T18:32:49.497`)
* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-19T17:49:57.207`) * [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-09-19T18:38:11.833`)
* [CVE-2023-41267](CVE-2023/CVE-2023-412xx/CVE-2023-41267.json) (`2023-09-19T17:52:38.127`) * [CVE-2023-4965](CVE-2023/CVE-2023-49xx/CVE-2023-4965.json) (`2023-09-19T18:40:16.173`)
* [CVE-2023-31808](CVE-2023/CVE-2023-318xx/CVE-2023-31808.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-4676](CVE-2023/CVE-2023-46xx/CVE-2023-4676.json) (`2023-09-19T18:45:20.783`)
* [CVE-2023-41179](CVE-2023/CVE-2023-411xx/CVE-2023-41179.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-29499](CVE-2023/CVE-2023-294xx/CVE-2023-29499.json) (`2023-09-19T18:53:27.373`)
* [CVE-2023-4093](CVE-2023/CVE-2023-40xx/CVE-2023-4093.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-32636](CVE-2023/CVE-2023-326xx/CVE-2023-32636.json) (`2023-09-19T18:59:27.957`)
* [CVE-2023-4094](CVE-2023/CVE-2023-40xx/CVE-2023-4094.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-22513](CVE-2023/CVE-2023-225xx/CVE-2023-22513.json) (`2023-09-19T19:15:51.607`)
* [CVE-2023-4095](CVE-2023/CVE-2023-40xx/CVE-2023-4095.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-40955](CVE-2023/CVE-2023-409xx/CVE-2023-40955.json) (`2023-09-19T19:19:05.487`)
* [CVE-2023-4096](CVE-2023/CVE-2023-40xx/CVE-2023-4096.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-40956](CVE-2023/CVE-2023-409xx/CVE-2023-40956.json) (`2023-09-19T19:19:23.003`)
* [CVE-2023-3892](CVE-2023/CVE-2023-38xx/CVE-2023-3892.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-41592](CVE-2023/CVE-2023-415xx/CVE-2023-41592.json) (`2023-09-19T19:20:55.553`)
* [CVE-2023-41890](CVE-2023/CVE-2023-418xx/CVE-2023-41890.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-42362](CVE-2023/CVE-2023-423xx/CVE-2023-42362.json) (`2023-09-19T19:34:03.287`)
* [CVE-2023-42444](CVE-2023/CVE-2023-424xx/CVE-2023-42444.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-38912](CVE-2023/CVE-2023-389xx/CVE-2023-38912.json) (`2023-09-19T19:38:08.673`)
* [CVE-2023-42447](CVE-2023/CVE-2023-424xx/CVE-2023-42447.json) (`2023-09-19T17:57:31.250`) * [CVE-2023-3712](CVE-2023/CVE-2023-37xx/CVE-2023-3712.json) (`2023-09-19T19:58:56.997`)
* [CVE-2023-30909](CVE-2023/CVE-2023-309xx/CVE-2023-30909.json) (`2023-09-19T17:58:34.500`)
## Download and Usage ## Download and Usage