admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-05T18:01:45.342648+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-05 18:01:48 +00:00
parent 847d7b9741
commit 49c088d1f1
49 changed files with 11364 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-32xx/CVE-2022-3248.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-3248",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T14:15:09.650",
"lastModified": "2023-10-05T14:15:09.650",
"vulnStatus": "Received",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenShift API, as admission checks do not enforce \"custom-host\" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en la API de OpenShift, ya que las comprobaciones de admisi\u00f3n no aplican permisos de \"custom-host\". Este problema podr\u00eda permitir que un atacante viole los l\u00edmites, ya que no se aplicar\u00e1n los permisos."
}
],
"metrics": {

89
CVE-2022/CVE-2022-41xx/CVE-2022-4132.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-4132",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T12:15:10.230",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:03:54.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page)."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en JSS. Una p\u00e9rdida de memoria en JSS requiere una configuraci\u00f3n no est\u00e1ndar, pero es un vector DoS de bajo esfuerzo si se configura de esa manera (presionando repetidamente la p\u00e1gina de inicio de sesi\u00f3n)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dogtagpki:network_security_services_for_java:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.0",
"matchCriteriaId": "BAAADD35-9518-4DFC-A486-09B52EE860E1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4132",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

4
CVE-2022/CVE-2022-41xx/CVE-2022-4145.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4145",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T13:15:09.543",
"lastModified": "2023-10-05T13:15:09.543",
"vulnStatus": "Received",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

5267
CVE-2023/CVE-2023-201xx/CVE-2023-20109.json
View File

File diff suppressed because it is too large Load Diff

4
CVE-2023/CVE-2023-226xx/CVE-2023-22647.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22647",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-06-01T13:15:10.467",
"lastModified": "2023-06-09T17:55:10.893",
"lastModified": "2023-10-05T16:28:13.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-281"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2023/CVE-2023-226xx/CVE-2023-22648.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22648",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-06-01T13:15:10.553",
"lastModified": "2023-06-09T17:23:02.350",
"lastModified": "2023-10-05T16:27:57.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-384"
"value": "NVD-CWE-Other"
}
]
},

55
CVE-2023/CVE-2023-23xx/CVE-2023-2306.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2306",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-05T17:15:11.373",
"lastModified": "2023-10-05T17:15:11.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nQognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}

63
CVE-2023/CVE-2023-257xx/CVE-2023-25788.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25788",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:09.997",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:06:48.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <=\u00a01.8.13 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Saphali Saphali Woocommerce Lite en versiones &lt;= 1.8.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:saphali:woocommerce:*:*:*:*:lite:wordpress:*:*",
"versionEndIncluding": "1.8.13",
"matchCriteriaId": "27172017-F844-4B1A-B5D3-199489DBF9B8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/saphali-woocommerce-lite/wordpress-saphali-woocommerce-lite-plugin-1-8-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-259xx/CVE-2023-25980.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25980",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:10.077",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-05T17:06:25.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <=\u00a05.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CAGE Web Design | Rolf van Gelder Optimice Database en el complemento Deleting Revisions en versiones &lt;= 5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cagewebdev:optimize_database_after_deleting_revisions:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1",
"matchCriteriaId": "A66FB2C6-AC92-4C57-8105-AD9919DFB174"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rvg-optimize-database/wordpress-optimize-database-after-deleting-revisions-plugin-5-0-110-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-26xx/CVE-2023-2681.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2681",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T13:15:09.937",
"lastModified": "2023-10-03T13:52:20.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:43:37.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de inyecci\u00f3n SQL en la versi\u00f3n 1.0.0 de Jorani. Esta vulnerabilidad permite que un usuario remoto autenticado, con bajos privilegios, env\u00ede consultas con c\u00f3digo SQL malicioso en la ruta \"/leaves/validate\" y el par\u00e1metro \u201cid\u201d, logrando extraer informaci\u00f3n arbitraria de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jorani_project:jorani:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00665EA7-7D22-4226-801E-ABA4BD94D0D7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-28xx/CVE-2023-2809.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2809",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.223",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:06:16.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso de credenciales de texto plano en Sage 200 Spain versi\u00f3n 2023.38.001, cuya explotaci\u00f3n podr\u00eda permitir a un atacante remoto extraer las credenciales de la base de datos SQL de la aplicaci\u00f3n DLL. Esta vulnerabilidad podr\u00eda estar vinculada a t\u00e9cnicas conocidas para obtener la ejecuci\u00f3n remota de comandos de MS SQL y escalar privilegios en sistemas Windows porque las credenciales se almacenan en texto plano."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sage:sage_200_spain:2023.38.001:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BE3A89-92DE-408B-B288-B6DB86D1C8D3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-30xx/CVE-2023-3037.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3037",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T12:15:10.373",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:02:55.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n incorrecta en HelpDezk Community que afecta a la versi\u00f3n 1.1.10. Esta vulnerabilidad podr\u00eda permitir que un atacante remoto acceda a la plataforma sin autenticaci\u00f3n y recupere datos personales a trav\u00e9s del par\u00e1metro jsonGrid."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:helpdezk:helpdezk:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F56C0CE5-F456-4817-AB6B-4401577AA5DE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-30xx/CVE-2023-3038.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3038",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T12:15:10.437",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:02:04.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en HelpDezk Community que afecta a la versi\u00f3n 1.1.10. Esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una consulta SQL especialmente manipulada al par\u00e1metro de filas de la ruta jsonGrid y extraer toda la informaci\u00f3n almacenada en la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:helpdezk:helpdezk:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F56C0CE5-F456-4817-AB6B-4401577AA5DE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

3932
CVE-2023/CVE-2023-330xx/CVE-2023-33035.json
View File

File diff suppressed because it is too large Load Diff

81
CVE-2023/CVE-2023-332xx/CVE-2023-33200.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-33200",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-03T17:15:09.727",
"lastModified": "2023-10-03T18:09:47.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:01:00.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.\n\n"
},
{
"lang": "es",
"value": "Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para aprovechar una condici\u00f3n de carrera del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda darle acceso a la memoria ya liberada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -23,10 +60,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r17p0",
"versionEndExcluding": "r44p1",
"matchCriteriaId": "1EE39C8C-96C8-464A-8B66-5BB9E7F585FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mali_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r41p0",
"versionEndExcluding": "r44p1",
"matchCriteriaId": "98C22206-CB3A-465D-84A4-082664E2D0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r19p0",
"versionEndExcluding": "r44p1",
"matchCriteriaId": "F651A77B-0F0B-4C6D-9D87-37027762C251"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-33xx/CVE-2023-3361.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3361",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T12:15:10.567",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:01:42.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Red Hat OpenShift Data Science. Al exportar un pipeline desde Elyra notebook pipeline editor como Python DSL o YAML, lee las credenciales de S3 del cl\u00faster (servidor de pipeline ds) y las guarda en texto plano en la salida generada en lugar de un ID para un secreto de Kubernetes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,73 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendatahub:open_data_hub_dashboard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "6767C5AA-B34C-40E7-9885-C09AA446D8BF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3361",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216588",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/opendatahub-io/odh-dashboard/issues/1415",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
}
]
}

70
CVE-2023/CVE-2023-349xx/CVE-2023-34970.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-34970",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-03T17:15:09.790",
"lastModified": "2023-10-03T18:09:47.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:59:07.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn could give them access to already freed memory\n\n"
},
{
"lang": "es",
"value": "Un usuario local sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para acceder a una cantidad acotada fuera de los l\u00edmites del b\u00fafer o para explotar una condici\u00f3n de ejecuci\u00f3n del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda darle acceso a la memoria ya liberada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -23,10 +60,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mali_gpu_kernel_driver:r44p0:*:*:*:*:*:*:*",
"matchCriteriaId": "5515E35C-EBB2-45BA-9566-27B6CC2FF654"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:r44p0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC2A7A-EA16-4F93-95CD-3442BE2CD3C9"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-35xx/CVE-2023-3512.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3512",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.363",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:04:39.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the \"Download file\" parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad relativa de path traversal en Setelsa Security's ConacWin CB, en su versi\u00f3n 3.8.2.2 y anteriores, cuya explotaci\u00f3n podr\u00eda permitir a un atacante realizar una descarga arbitraria de archivos del sistema a trav\u00e9s del par\u00e1metro \"Descargar archivo\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:setelsa-security:conacwin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.8.2.2",
"matchCriteriaId": "AECA3302-4A34-45AA-A68E-A8CDEC89526A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-v6jm-v768-76h2",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Broken Link"
]
}
]
}

51
CVE-2023/CVE-2023-379xx/CVE-2023-37995.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37995",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:10.297",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:04:25.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <=\u00a03.1.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Chetan Gole WP-CopyProtect [Protect your blog posts] en versiones &lt;= 3.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-copyprotect_project:wp-copyprotect:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "7092CB5F-E587-4544-A897-A512E0EBE0FC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-copyprotect/wordpress-wp-copyprotect-protect-your-blog-posts-plugin-3-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-37xx/CVE-2023-3701.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3701",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.430",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:04:18.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform."
},
{
"lang": "es",
"value": "Aqua Drive, en su versi\u00f3n 2.4, es vulnerable a path traversal. Al explotar esta vulnerabilidad, un usuario autenticado sin privilegios podr\u00eda acceder/modificar los recursos almacenados de otros usuarios. Tambi\u00e9n podr\u00eda ser posible acceder y modificar los archivos fuente y de configuraci\u00f3n de la plataforma de disco en la nube, afectando la integridad y disponibilidad de toda la plataforma."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aquaesolutions:aqua_drive:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1B3974-783A-4BAC-8101-A502F05A841F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-aqua-esolutions",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-399xx/CVE-2023-39989.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39989",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T12:15:10.627",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:22:06.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <=\u00a01.1.34 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento 99robots Header Footer Code Manager en versiones &lt;= 1.1.34."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:draftpress:header_footer_code_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.34",
"matchCriteriaId": "2A3A69CC-CBE2-4322-9155-E0CC41EBACE1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/header-footer-code-manager/wordpress-header-footer-code-manager-plugin-1-1-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-402xx/CVE-2023-40210.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40210",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T12:15:10.700",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:21:59.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <=\u00a04.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sean Barton (Tortoise IT) SB Child List en versiones &lt;= 4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sean-barton:sb_child_list:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.5",
"matchCriteriaId": "3A9EE5FD-964A-40E2-9E77-B6D0B0086160"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sb-child-list/wordpress-sb-child-list-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-405xx/CVE-2023-40519.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2023-40519",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.283",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:48:09.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el portal de inicio de sesi\u00f3n bpk-common/auth/login/index.html en Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, y 00.12.01.9565588_1254b459 permite a atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del par\u00e1metro disconnectMessage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:00.12.01.9565588_1254b459:*:*:*:*:*:*:*",
"matchCriteriaId": "DBDA1BEB-8FB9-414A-9FE6-72F1D1E5B3B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:01.01.00.19219575_ee9195b0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFF21E2-254E-4057-95BF-15A92438C6C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:01.01.01.30097902_fd999e76:*:*:*:*:*:*:*",
"matchCriteriaId": "4FAEAB5F-A1AD-4FE5-A652-FAC0E5FBDA9F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/munchy-bytes/security-disclosure-of-vulnerabilities-cve-2023-40519-2fc319737dfa",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-431xx/CVE-2023-43176.json
View File

@ -2,31 +2,104 @@
"id": "CVE-2023-43176",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.330",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:47:03.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de deserializaci\u00f3n en Afterlogic Aurora Files v9.7.3 permite a los atacantes ejecutar c\u00f3digo arbitrario proporcionando un archivo .sabredav manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:afterlogic:aurora_files:9.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DF2E3B-326A-42B9-AAB5-02A7A78A99DB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://afterlogic.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://aurora.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Not Applicable"
]
},
{
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
]
},
{
"url": "https://sec.leonardini.dev/blog/cve-2023-43176-rce_aurora_files/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-443xx/CVE-2023-44390.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44390",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-05T14:15:09.737",
"lastModified": "2023-10-05T14:15:09.737",
"vulnStatus": "Received",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version)."
},
{
"lang": "es",
"value": "HtmlSanitizer es una librer\u00eda .NET para limpiar fragmentos y documentos HTML de construcciones que pueden provocar ataques XSS. La vulnerabilidad ocurre en configuraciones donde se permite contenido externo, es decir, \"svg\" o \"math\" est\u00e1n en la lista de elementos permitidos. En el caso de que una aplicaci\u00f3n sanitice la entrada del usuario con una configuraci\u00f3n vulnerable, un atacante podr\u00eda eludir la sanitizaci\u00f3n e inyectar HTML arbitrario, incluido c\u00f3digo JavaScript. Tenga en cuenta que en la configuraci\u00f3n predeterminada la vulnerabilidad no est\u00e1 presente. La vulnerabilidad se ha solucionado en las versiones 8.0.723 y 8.1.722-beta (versi\u00f3n preliminar)."
}
],
"metrics": {

24
CVE-2023/CVE-2023-448xx/CVE-2023-44828.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.550",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/CheckPasswdSettings_CurrentPassword",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44829.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.610",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetDeviceSettings_AdminPassword",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44830.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44830",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.657",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_EndTime",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44831.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.700",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_Type",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44832.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44832",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.753",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWanSettings_MacAddress",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44833.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.807",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_GuardInt",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44834.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.863",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_%20StartTime",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44835.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.917",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_Mac",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44836.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:11.973",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_SSID",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44837.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:12.020",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWanSettings_Password",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44838.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:12.067",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_TXPower",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44839.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44839",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T16:15:12.117",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSecurity_Encryption",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-451xx/CVE-2023-45160.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45160",
"sourceIdentifier": "security@1e.com",
"published": "2023-10-05T16:15:12.167",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client's temporary directory is now locked down\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@1e.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@1e.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
"source": "security@1e.com"
}
]
}

10
CVE-2023/CVE-2023-45xx/CVE-2023-4527.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-10-04T19:15:10.547",
"lastModified": "2023-10-05T16:15:12.250",
"vulnStatus": "Modified",
"descriptions": [
{
@ -113,6 +113,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4527",
"source": "secalert@redhat.com",

55
CVE-2023/CVE-2023-45xx/CVE-2023-4570.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4570",
"sourceIdentifier": "security@ni.com",
"published": "2023-10-05T16:15:12.357",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service\u00a0Python package and all previous versions.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ni.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@ni.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-420"
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html",
"source": "security@ni.com"
}
]
}

80
CVE-2023/CVE-2023-47xx/CVE-2023-4732.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4732",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T17:15:09.853",
"lastModified": "2023-10-04T12:15:10.863",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:58:45.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,14 +58,66 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.13.19",
"matchCriteriaId": "AB17AA82-730C-476D-952C-FC8A35009997"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4732",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236982",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-48xx/CVE-2023-4806.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4806",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.813",
"lastModified": "2023-10-04T19:15:10.623",
"lastModified": "2023-10-05T16:15:12.443",
"vulnStatus": "Modified",
"descriptions": [
{
@ -129,6 +129,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4806",
"source": "secalert@redhat.com",

10
CVE-2023/CVE-2023-48xx/CVE-2023-4813.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4813",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-12T22:15:08.277",
"lastModified": "2023-10-04T00:15:12.163",
"lastModified": "2023-10-05T16:15:12.537",
"vulnStatus": "Modified",
"descriptions": [
{
@ -128,6 +128,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4813",
"source": "secalert@redhat.com",

190
CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2023-10-05T03:15:20.303",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:51:14.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,54 +58,196 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68D5A70D-5CEE-4E19-BF35-0245A0E0F6BC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/05/1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5454",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4911",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238352",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5514",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.qualys.com/cve-2023-4911/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-49xx/CVE-2023-4997.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4997",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-10-04T11:15:10.563",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:04:09.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.\n"
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inadecuada de usuarios habituales en el software ProIntegra Uptime DC (versiones inferiores a 2.0.0.33940) les permite cambiar las contrase\u00f1as de todos los dem\u00e1s usuarios, incluidos los administradores, lo que lleva a una escalada de privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prointegra:uptimedc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0.33940",
"matchCriteriaId": "1A397FB7-BC1F-414F-A37B-6DFE6B2C434A"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2023/10/CVE-2023-4997/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2023/10/CVE-2023-4997/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-52xx/CVE-2023-5255.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5255",
"sourceIdentifier": "security@puppet.com",
"published": "2023-10-03T18:15:10.577",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T16:48:26.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. "
},
{
"lang": "es",
"value": "Para los certificados que utilizan la funci\u00f3n de renovaci\u00f3n autom\u00e1tica en Puppet Server, existe una falla que impide que los certificados sean revocados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@puppet.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
},
{
"source": "security@puppet.com",
"type": "Secondary",
@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:puppet:2023.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8E4196F0-B1C3-46EF-A17C-6404E9E34CB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:puppet_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5463CE94-DD76-4DBE-B124-3B87B8627A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:puppet_server:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7891ED2-94F2-4017-8172-BD04E66CB792"
}
]
}
]
}
],
"references": [
{
"url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates",
"source": "security@puppet.com"
"source": "security@puppet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

119
CVE-2023/CVE-2023-53xx/CVE-2023-5368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5368",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-10-04T04:15:14.143",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:08:04.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "En un sistema de archivos msdosfs, las llamadas al sistema 'truncate' o 'ftruncate' bajo ciertas circunstancias llenan el espacio adicional en el archivo con datos no asignados del dispositivo de disco subyacente, en lugar de cero bytes. Esto puede permitir que un usuario con acceso de escritura a archivos en un sistema de archivos msdosfs lea datos no deseados (por ejemplo, de un archivo previamente eliminado)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
},
{
"source": "secteam@freebsd.org",
"type": "Secondary",
@ -27,10 +60,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4",
"matchCriteriaId": "A7F6C8B0-9D75-476C-ADBA-754416FBC186"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.2",
"matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*",
"matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "85D94BCA-FA32-4C10-95CD-5D2A69B38A7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "8C950F97-40B4-43BF-BB81-C49CE00A468B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"
}
]
}
]
}
],
"references": [
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Patch"
]
}
]
}

71
CVE-2023/CVE-2023-53xx/CVE-2023-5377.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5377",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-04T10:15:10.353",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T17:07:40.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV."
},
{
"lang": "es",
"value": "Lectura fuera de l\u00edmites en el repositorio de GitHub gpac/gpac anterior a v2.2.2-DEV."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +70,51 @@
"value": "CWE-125"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "047BC15F-5E51-48D9-B751-9DC9311FEBCF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

77
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-05T16:00:26.322119+00:00
2023-10-05T18:01:45.342648+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-05T15:52:29.633000+00:00
2023-10-05T17:39:30.237000+00:00
```
### Last Data Feed Release
@ -29,46 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227034
227049
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `15`
* [CVE-2022-3248](CVE-2022/CVE-2022-32xx/CVE-2022-3248.json) (`2023-10-05T14:15:09.650`)
* [CVE-2023-44390](CVE-2023/CVE-2023-443xx/CVE-2023-44390.json) (`2023-10-05T14:15:09.737`)
* [CVE-2023-44828](CVE-2023/CVE-2023-448xx/CVE-2023-44828.json) (`2023-10-05T16:15:11.550`)
* [CVE-2023-44829](CVE-2023/CVE-2023-448xx/CVE-2023-44829.json) (`2023-10-05T16:15:11.610`)
* [CVE-2023-44830](CVE-2023/CVE-2023-448xx/CVE-2023-44830.json) (`2023-10-05T16:15:11.657`)
* [CVE-2023-44831](CVE-2023/CVE-2023-448xx/CVE-2023-44831.json) (`2023-10-05T16:15:11.700`)
* [CVE-2023-44832](CVE-2023/CVE-2023-448xx/CVE-2023-44832.json) (`2023-10-05T16:15:11.753`)
* [CVE-2023-44833](CVE-2023/CVE-2023-448xx/CVE-2023-44833.json) (`2023-10-05T16:15:11.807`)
* [CVE-2023-44834](CVE-2023/CVE-2023-448xx/CVE-2023-44834.json) (`2023-10-05T16:15:11.863`)
* [CVE-2023-44835](CVE-2023/CVE-2023-448xx/CVE-2023-44835.json) (`2023-10-05T16:15:11.917`)
* [CVE-2023-44836](CVE-2023/CVE-2023-448xx/CVE-2023-44836.json) (`2023-10-05T16:15:11.973`)
* [CVE-2023-44837](CVE-2023/CVE-2023-448xx/CVE-2023-44837.json) (`2023-10-05T16:15:12.020`)
* [CVE-2023-44838](CVE-2023/CVE-2023-448xx/CVE-2023-44838.json) (`2023-10-05T16:15:12.067`)
* [CVE-2023-44839](CVE-2023/CVE-2023-448xx/CVE-2023-44839.json) (`2023-10-05T16:15:12.117`)
* [CVE-2023-45160](CVE-2023/CVE-2023-451xx/CVE-2023-45160.json) (`2023-10-05T16:15:12.167`)
* [CVE-2023-4570](CVE-2023/CVE-2023-45xx/CVE-2023-4570.json) (`2023-10-05T16:15:12.357`)
* [CVE-2023-2306](CVE-2023/CVE-2023-23xx/CVE-2023-2306.json) (`2023-10-05T17:15:11.373`)
### CVEs modified in the last Commit
Recently modified CVEs: `48`
Recently modified CVEs: `33`
* [CVE-2023-43656](CVE-2023/CVE-2023-436xx/CVE-2023-43656.json) (`2023-10-05T15:14:13.843`)
* [CVE-2023-30735](CVE-2023/CVE-2023-307xx/CVE-2023-30735.json) (`2023-10-05T15:15:31.130`)
* [CVE-2023-33034](CVE-2023/CVE-2023-330xx/CVE-2023-33034.json) (`2023-10-05T15:15:46.267`)
* [CVE-2023-30737](CVE-2023/CVE-2023-307xx/CVE-2023-30737.json) (`2023-10-05T15:15:57.547`)
* [CVE-2023-44973](CVE-2023/CVE-2023-449xx/CVE-2023-44973.json) (`2023-10-05T15:16:23.883`)
* [CVE-2023-39645](CVE-2023/CVE-2023-396xx/CVE-2023-39645.json) (`2023-10-05T15:16:41.543`)
* [CVE-2023-43976](CVE-2023/CVE-2023-439xx/CVE-2023-43976.json) (`2023-10-05T15:17:11.293`)
* [CVE-2023-39648](CVE-2023/CVE-2023-396xx/CVE-2023-39648.json) (`2023-10-05T15:17:30.923`)
* [CVE-2023-39646](CVE-2023/CVE-2023-396xx/CVE-2023-39646.json) (`2023-10-05T15:17:38.827`)
* [CVE-2023-44974](CVE-2023/CVE-2023-449xx/CVE-2023-44974.json) (`2023-10-05T15:17:48.087`)
* [CVE-2023-39649](CVE-2023/CVE-2023-396xx/CVE-2023-39649.json) (`2023-10-05T15:17:55.947`)
* [CVE-2023-37404](CVE-2023/CVE-2023-374xx/CVE-2023-37404.json) (`2023-10-05T15:18:33.150`)
* [CVE-2023-35905](CVE-2023/CVE-2023-359xx/CVE-2023-35905.json) (`2023-10-05T15:19:06.307`)
* [CVE-2023-39647](CVE-2023/CVE-2023-396xx/CVE-2023-39647.json) (`2023-10-05T15:19:55.307`)
* [CVE-2023-33029](CVE-2023/CVE-2023-330xx/CVE-2023-33029.json) (`2023-10-05T15:28:09.890`)
* [CVE-2023-33028](CVE-2023/CVE-2023-330xx/CVE-2023-33028.json) (`2023-10-05T15:28:33.267`)
* [CVE-2023-33027](CVE-2023/CVE-2023-330xx/CVE-2023-33027.json) (`2023-10-05T15:33:11.150`)
* [CVE-2023-36628](CVE-2023/CVE-2023-366xx/CVE-2023-36628.json) (`2023-10-05T15:33:32.560`)
* [CVE-2023-32572](CVE-2023/CVE-2023-325xx/CVE-2023-32572.json) (`2023-10-05T15:38:20.757`)
* [CVE-2023-28373](CVE-2023/CVE-2023-283xx/CVE-2023-28373.json) (`2023-10-05T15:39:04.883`)
* [CVE-2023-36627](CVE-2023/CVE-2023-366xx/CVE-2023-36627.json) (`2023-10-05T15:39:20.327`)
* [CVE-2023-31042](CVE-2023/CVE-2023-310xx/CVE-2023-31042.json) (`2023-10-05T15:46:26.893`)
* [CVE-2023-28372](CVE-2023/CVE-2023-283xx/CVE-2023-28372.json) (`2023-10-05T15:50:10.483`)
* [CVE-2023-39923](CVE-2023/CVE-2023-399xx/CVE-2023-39923.json) (`2023-10-05T15:50:28.930`)
* [CVE-2023-28406](CVE-2023/CVE-2023-284xx/CVE-2023-28406.json) (`2023-10-05T15:52:29.633`)
* [CVE-2023-39989](CVE-2023/CVE-2023-399xx/CVE-2023-39989.json) (`2023-10-05T16:22:06.307`)
* [CVE-2023-44390](CVE-2023/CVE-2023-443xx/CVE-2023-44390.json) (`2023-10-05T16:22:20.787`)
* [CVE-2023-22648](CVE-2023/CVE-2023-226xx/CVE-2023-22648.json) (`2023-10-05T16:27:57.587`)
* [CVE-2023-22647](CVE-2023/CVE-2023-226xx/CVE-2023-22647.json) (`2023-10-05T16:28:13.250`)
* [CVE-2023-2681](CVE-2023/CVE-2023-26xx/CVE-2023-2681.json) (`2023-10-05T16:43:37.583`)
* [CVE-2023-43176](CVE-2023/CVE-2023-431xx/CVE-2023-43176.json) (`2023-10-05T16:47:03.923`)
* [CVE-2023-40519](CVE-2023/CVE-2023-405xx/CVE-2023-40519.json) (`2023-10-05T16:48:09.507`)
* [CVE-2023-5255](CVE-2023/CVE-2023-52xx/CVE-2023-5255.json) (`2023-10-05T16:48:26.820`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-05T16:51:14.533`)
* [CVE-2023-4732](CVE-2023/CVE-2023-47xx/CVE-2023-4732.json) (`2023-10-05T16:58:45.243`)
* [CVE-2023-34970](CVE-2023/CVE-2023-349xx/CVE-2023-34970.json) (`2023-10-05T16:59:07.947`)
* [CVE-2023-33200](CVE-2023/CVE-2023-332xx/CVE-2023-33200.json) (`2023-10-05T17:01:00.040`)
* [CVE-2023-3361](CVE-2023/CVE-2023-33xx/CVE-2023-3361.json) (`2023-10-05T17:01:42.423`)
* [CVE-2023-3038](CVE-2023/CVE-2023-30xx/CVE-2023-3038.json) (`2023-10-05T17:02:04.223`)
* [CVE-2023-3037](CVE-2023/CVE-2023-30xx/CVE-2023-3037.json) (`2023-10-05T17:02:55.337`)
* [CVE-2023-4997](CVE-2023/CVE-2023-49xx/CVE-2023-4997.json) (`2023-10-05T17:04:09.880`)
* [CVE-2023-3701](CVE-2023/CVE-2023-37xx/CVE-2023-3701.json) (`2023-10-05T17:04:18.250`)
* [CVE-2023-37995](CVE-2023/CVE-2023-379xx/CVE-2023-37995.json) (`2023-10-05T17:04:25.617`)
* [CVE-2023-3512](CVE-2023/CVE-2023-35xx/CVE-2023-3512.json) (`2023-10-05T17:04:39.053`)
* [CVE-2023-2809](CVE-2023/CVE-2023-28xx/CVE-2023-2809.json) (`2023-10-05T17:06:16.657`)
* [CVE-2023-25980](CVE-2023/CVE-2023-259xx/CVE-2023-25980.json) (`2023-10-05T17:06:25.153`)
* [CVE-2023-25788](CVE-2023/CVE-2023-257xx/CVE-2023-25788.json) (`2023-10-05T17:06:48.483`)
* [CVE-2023-5377](CVE-2023/CVE-2023-53xx/CVE-2023-5377.json) (`2023-10-05T17:07:40.813`)
* [CVE-2023-5368](CVE-2023/CVE-2023-53xx/CVE-2023-5368.json) (`2023-10-05T17:08:04.260`)
* [CVE-2023-20109](CVE-2023/CVE-2023-201xx/CVE-2023-20109.json) (`2023-10-05T17:39:30.237`)
## Download and Usage