Auto-Update: 2023-10-10T16:00:25.314327+00:00

cad-safe-bot 2023-10-10 16:00:28 +00:00
parent 042ee5bec4
commit 4ab39d6c1b
45 changed files with 2818 additions and 134 deletions


@ -2,8 +2,8 @@
"id": "CVE-2015-8104",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-11-16T11:59:12.043",
"lastModified": "2019-02-13T20:52:22.473",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T15:15:09.550",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -446,6 +446,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/4",
"source": "cve@mitre.org"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"source": "cve@mitre.org",


@ -2,16 +2,40 @@
"id": "CVE-2022-47175",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.097",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:55.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <=\u00a01.3.75 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento P Royal Royal Elementor Addons and Templates en versiones &lt;= 1.3.75."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.75",
"matchCriteriaId": "97162648-AE19-4E96-9775-C883BF7B5B7C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-plugin-1-3-75-multiple-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
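Review bot: The added `es` description stores the version bound as the HTML entity `&lt;=`, while the `en` entry before it carries the literal `<=`; a consumer that HTML-escapes on output will display the entity text, and one that treats the field as already escaped has to handle every description as markup. The value should hold plain text, `en versiones <= 1.3.75.`, and leave escaping to the renderer. The same entity appears in the added `es` descriptions of the CVE-2023-25033, CVE-2023-25480, CVE-2023-27448, CVE-2023-27615, CVE-2023-40008 and CVE-2023-40671 sections. If the text is mirrored verbatim from upstream, the place to normalise it is on ingest rather than in this file.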


@ -2,16 +2,40 @@
"id": "CVE-2023-25033",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.207",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:49.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <=\u00a04.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sumo Social Share Boost en versiones &lt;= 4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sumo:social_share_boost:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.5",
"matchCriteriaId": "BE971C23-8CE3-4E64-9E4F-888EF2308CE9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-25480",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.300",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:34.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin <=\u00a01.24.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en BoldGrid Post y Page Builder por BoldGrid \u2013 complemento Visual Drag and Drop Editor en versiones &lt;= 1.24.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:boldgrid:post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.24.1",
"matchCriteriaId": "FA3484B5-0931-4A7F-89F4-D17FCB66F3B2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-24-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-27448",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.403",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:39.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <=\u00a02.8.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento MakeStories Team MakeStories (para Google Web Stories) en versiones &lt;= 2.8.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:makestories:makestories_\\(for_google_web_stories\\):*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.0",
"matchCriteriaId": "E8E6C2FE-BDDF-4FA3-AF00-E89C2147DD78"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/makestories-helper/wordpress-makestories-for-google-web-stories-plugin-2-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-27615",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.487",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:27.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <=\u00a01.5.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dipak C. Gajjar WP Super Minify en versiones &lt;= 1.5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dipakgajjar:wp_super_minify:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.1",
"matchCriteriaId": "0A60D34C-77B2-4654-8B59-138D418987A3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-super-minify/wordpress-wp-super-minify-plugin-1-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30801",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T14:15:10.493",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1392"
}
]
}
],
"references": [
{
"url": "https://github.com/qbittorrent/qBittorrent/issues/18731",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/qbittorrent-default-creds",
"source": "disclosure@vulncheck.com"
}
]
}
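Review bot: This new record has no `configurations` block and its only score is the CNA's `Secondary` 9.8, so CPE-based matching will not flag qBittorrent installs from it while `vulnStatus` is `Awaiting Analysis`, even though the description reports exploitation in the wild. Inventory checks for this one need to key on the product name and on the web UI being enabled until CPE data arrives; the same gap applies to the CVE-2023-30802 through CVE-2023-30806 records that follow. Separately, the description `value` ends in a literal `\n` (`\n\n\n` in the Sangfor records), which is worth trimming on ingest so string comparisons and rendered output stay clean.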


@ -0,0 +1,63 @@
{
"id": "CVE-2023-30802",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:09.880",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-540"
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-source",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-30803",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:09.957",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-30804",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:10.033",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure",
"source": "disclosure@vulncheck.com"
}
]
}
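Review bot: The `PR:H` vector and `baseScore` 4.9 describe this issue in isolation, but the description states it becomes reachable by an unauthenticated attacker when paired with CVE-2023-30803, which is scored 9.8 in its own section. Anything that prioritises on `baseScore` alone will rank this record as medium and may defer it; triage should treat the two IDs as one finding on an affected NGAF8.0.17 appliance. The record has no field linking the two, so the relationship lives only in the description text.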


@ -0,0 +1,63 @@
{
"id": "CVE-2023-30805",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:10.107",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the \"un\" parameter.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-username-rce",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-30806",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T15:15:10.170",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce",
"source": "disclosure@vulncheck.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40008",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.573",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:19.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=\u00a02.3.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Gangesh Matta Simple Org Chart en versiones &lt;= 2.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webtechforce:simple_org_chart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.4",
"matchCriteriaId": "7778924C-36E7-4303-8DEF-110138627D37"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40671",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T13:15:12.660",
"lastModified": "2023-10-06T13:17:35.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:54:14.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <=\u00a01.4.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wp DX-auto-save-images en versiones &lt;= 1.4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:daxiawp:dx-auto-save-images:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.0",
"matchCriteriaId": "25029814-D742-4AA2-8BBF-8A235DAEF5BC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dx-auto-save-images/wordpress-dx-auto-save-images-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40745",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T19:15:11.260",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:52:48.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "LibTIFF es vulnerable a un desbordamiento de enteros. Esta falla permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de una imagen tiff manipulada, lo que desencadena un desbordamiento del b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,76 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.0",
"matchCriteriaId": "B37DB8C1-31DE-4D92-B4CD-EE365959F1D2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-40745",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
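Review bot: The added `Primary` vector `C:N/I:N/A:H` (6.5) scores availability only, while the unchanged English description says the heap-based overflow may also allow arbitrary code execution. Consumers that read impact from `cvssData` will see a pure denial-of-service issue; the `Secondary` Red Hat metric starts outside this hunk, so whether it agrees cannot be checked here. The added `es` description also renders "heap-based buffer overflow" as just `desbordamiento del búfer`. CVE-2023-41175 in the next section has the same vector and the same wording.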


@ -2,16 +2,40 @@
"id": "CVE-2023-41175",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T19:15:11.340",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:52:33.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en libtiff debido a m\u00faltiples posibles desbordamientos de enteros en raw2tiff.c. Esta falla permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de una imagen tiff manipulada, lo que desencadena un desbordamiento del b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,76 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.0",
"matchCriteriaId": "B37DB8C1-31DE-4D92-B4CD-EE365959F1D2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-41175",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4101",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T12:15:10.973",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:26:51.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application."
},
{
"lang": "es",
"value": "El SSO de inicio de sesi\u00f3n de QSige no tiene un mecanismo de control de acceso para verificar si el usuario que solicita un recurso tiene permisos suficientes para hacerlo. Como requisito previo, es necesario iniciar sesi\u00f3n en la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}
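Review bot: The English description on the context line is almost word for word the one in the CVE-2023-4102 section that follows, yet this record gets `CWE-639` with an integrity-only vector (6.5) and that one gets `CWE-89` with `C:H/I:H/A:H` (8.8). Nothing in either description says which resource or parameter is involved, so matching or de-duplicating on description text would merge two differently rated issues; the `id` and the INCIBE reference are the only reliable keys. The CVE-2023-4102 section runs past the end of the visible page, so its remaining fields are not checked here.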


@ -2,16 +2,40 @@
"id": "CVE-2023-4102",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T12:15:11.040",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:29:05.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application."
},
{
"lang": "es",
"value": "El SSO de inicio de sesi\u00f3n de QSige no tiene un mecanismo de control de acceso para verificar si el usuario que solicita un recurso tiene permisos suficientes para hacerlo. Como requisito previo, es necesario iniciar sesi\u00f3n en la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}
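Review bot: The Primary weakness added in the second hunk, `"value": "CWE-89"` (SQL injection), does not match this record's description, which describes a missing access-control check for an already authenticated user. The preceding file section on this page carries a nearly identical description and was mapped to `CWE-639`, so either the description or the CWE here is presumably wrong upstream. The Secondary (CNA) weakness value falls outside the hunk and cannot be compared from this view. Because the file mirrors upstream data, the correction belongs there, but consumers that route or prioritise on the Primary CWE should check this record against the INCIBE advisory in `references` before relying on it.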


@ -2,16 +2,40 @@
"id": "CVE-2023-42449",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T20:15:10.107",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:53:53.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`.\n\nDuring the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants committed funds forever or until they choose to return the PT (ransom).\n\nThe malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for an other participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT.\n\nVersion 0.13.0 fixes this issue."
},
{
"lang": "es",
"value": "Hydra es la soluci\u00f3n de escalabilidad de dos capas para Cardano. Antes de la versi\u00f3n 0.13.0, es posible que un inicializador de \"head\" malicioso extraiga uno o m\u00e1s PT para el \"head\" que est\u00e1 inicializando debido a una l\u00f3gica de validaci\u00f3n de datos incorrecta en la pol\u00edtica de acu\u00f1aci\u00f3n de tokens del \"head\", lo que luego resulta en una verificaci\u00f3n defectuosa para quemar el \"head\" ST en el validador \"initial\". Esto es posible porque no se verifica en \"HeadTokens.hs\" que los datos de las salidas en el validador \"initial\" sean iguales al ID del \"head\" real, y tampoco se verifica en el \"off-chain code\". Durante el estado \"Initial\" del protocolo, si el inicializador malicioso elimina un PT de los scripts de Hydra, resulta imposible para cualquier otro participante obtener los fondos que han intentado hacer \"commit\" en el \"head\", ya que para hacerlo, la transacci\u00f3n Abort debe quemar todos los PT para el \"head\", pero no pueden quemar el PT que controla el atacante y, por lo tanto, no pueden satisfacer este requisito. Eso significa que el inicializador puede bloquear los fondos hechos \"committed\" de los otros participantes para siempre o hasta que decidan devolver el PT (rescate). El inicializador malicioso tambi\u00e9n puede usar el PT para simular un \"committed\" en un TxO particular cuando el \"head\" avanza al estado \"Open\". Por ejemplo, podr\u00edan decir que hicieron \"committed\" a un TxO residiendo en su direcci\u00f3n que conten\u00eda 100 ADA, pero en realidad estos 100 ADA no se movieron al \"head\" y, por lo tanto, para que otro participante realice el fanout se ver\u00e1n obligados a pagar al atacante los 100 ADA de sus propios fondos, ya que la transacci\u00f3n fanout debe pagar todos los TxO que hicieron \"committed\" (aunque el atacante realiz\u00f3 el \"commit\" TxO). 
Pueden hacer esto colocando el PT en un UTxO con un dato \"Commit\" bien formado con el contenido que deseen y luego usar este UTxO en la transacci\u00f3n \"collectCom\". Puede haber otras formas posibles de abusar del control de un PT. La versi\u00f3n 0.13.0 soluciona este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,26 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iohk:hydra:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.13.0",
"matchCriteriaId": "556BF21B-9F61-4C1D-BD51-A2EC64EA1CE7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-node/src/Hydra/Chain/Direct/Tx.hs#L645-L761",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-plutus/src/Hydra/Contract/Initial.hs#L84-L91",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/input-output-hk/hydra/blob/master/CHANGELOG.md#0130---2023-10-03",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/HeadTokens.hs#L76-L136",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-9m8q-7wxv-v65p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
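Review bot: Two of the references tagged in the last hunk point at a moving branch (`blob/master/CHANGELOG.md` and `blob/master/hydra-plutus/src/Hydra/Contract/HeadTokens.hs#L76-L136`), while the other two source links are pinned to commit `1e13b60a7b21c5ccd6c36e3cf220547f5d443cef`. Line anchors on `master` drift, and the description says 0.13.0 fixes the validation, so a reader following the `HeadTokens.hs` link later is likely to land on patched code, not the flawed check. The mirror cannot rewrite upstream URLs. Tooling that archives or follows references should treat branch-based links as unstable and prefer the commit-pinned links and the GHSA entry.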


@ -2,15 +2,41 @@
"id": "CVE-2023-44211",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.377",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:50:19.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 31637."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.02",
"matchCriteriaId": "6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-4061",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}
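Review bot: The added `configurations` block gives the affected range as `"versionEndExcluding": "c23.02"`, while the description states the boundary as "before build 31637", and the record offers no mapping between the two schemes. An asset inventory that records the Agent build number cannot be compared against `c23.02`, so CPE-only matching may miss or mis-flag hosts. The same mismatch appears in the sections for CVE-2023-44212 (`c23.01` vs build 31477) and for CVE-2023-44213, CVE-2023-44214 and CVE-2023-45240 (`c23.06` vs build 35739). Consumers should match on the build number from the vendor advisory in `references`, and should read the `"vulnerable": false` OS entries under the `AND` node as platform conditions, not as affected products.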


@ -2,15 +2,41 @@
"id": "CVE-2023-44212",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.447",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:56:45.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 31477."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,14 +82,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.01",
"matchCriteriaId": "0C48880C-A725-47B7-89C3-06963A2B89B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/SEC-2159",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5528",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-44213",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.520",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:56:30.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible debido a la recopilaci\u00f3n excesiva de informaci\u00f3n del sistema. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilaci\u00f3n 35739."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.06",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5286",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-44214",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.587",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:56:49.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.06",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5902",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44241",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T14:15:10.617",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <=\u00a01.4.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/infusionsoft-landing-pages/wordpress-keap-landing-pages-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
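Review bot: Nothing in this new record is usable by a pipeline that reads only Primary scores or matches only on CPE: the sole metric is the CNA's (`"source": "audit@patchstack.com"`, `"type": "Secondary"`), there is no `configurations` block, and `vulnStatus` is `Awaiting Analysis`. Such a consumer would see the entry as unscored and affecting nothing, so it should fall back to the Secondary score and to the plugin name and 1.4.2 upper bound in the description until analysis lands. The `weaknesses` entry from the same source is typed `Primary` while its metric is typed `Secondary`, so the two `type` fields cannot be joined on. The same applies to the new files for CVE-2023-44470, CVE-2023-44471, CVE-2023-44475, CVE-2023-44476 and CVE-2023-44994.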


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44470",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T14:15:10.797",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <=\u00a01.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kv-tinymce-editor-fonts/wordpress-kv-tinymce-editor-add-fonts-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44471",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.243",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <=\u00a02.1.10 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kau-boys-backend-localization/wordpress-backend-localization-plugin-2-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44475",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.320",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=\u00a02.0.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44476",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.397",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <=\u00a02.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/copyrightpro/wordpress-copyrightpro-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-10T15:15:10.470",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"metrics": {},
"references": [
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
"source": "cve@mitre.org"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
"source": "cve@mitre.org"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
"source": "cve@mitre.org"
},
{
"url": "https://chaos.social/@icing/111210915918780532",
"source": "cve@mitre.org"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
"source": "cve@mitre.org"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
"source": "cve@mitre.org"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/hyperium/hyper/issues/3337",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=37830987",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=37830998",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=37831062",
"source": "cve@mitre.org"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
"source": "cve@mitre.org"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"source": "cve@mitre.org"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
"source": "cve@mitre.org"
}
]
}
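Review bot: `"metrics": {}` is empty and the new record has no `weaknesses` or `configurations` key, even though the description states the issue was "exploited in the wild in August through October 2023". A consumer that defaults a missing `baseScore` to 0, or drops unscored entries, would rank this below the 4.3 CSRF records added in the same commit. Ingestion should treat an empty `metrics` object as "not yet scored" and escalate on the description text and vendor references instead. None of the references carries a `tags` array, so vendor bulletins, issue trackers and third-party repositories cannot be told apart by tag and need manual triage.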


@ -2,12 +2,12 @@
"id": "CVE-2023-44821",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T20:15:10.583",
"lastModified": "2023-10-10T12:16:32.703",
"lastModified": "2023-10-10T15:15:10.547",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in gifsicle v.1.92 allows a remote attacker to cause a denial of service via the --crop parameter in the command line parameters."
"value": "** DISPUTED ** Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line."
},
{
"lang": "es",
@ -19,6 +19,10 @@
{
"url": "https://github.com/kohler/gifsicle/issues/195",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kohler/gifsicle/issues/65",
"source": "cve@mitre.org"
}
]
}
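Review bot: The `en` description is replaced with a `** DISPUTED **` text, but the `es` value lies outside both hunks and is therefore presumably unchanged, which would leave the Spanish text describing the earlier buffer-overflow claim against v.1.92. The dispute is also carried only as a string prefix: `vulnStatus` stays `Awaiting Analysis` and no structured field marks it. Consumers should detect the `** DISPUTED **` prefix in the `en` value, and should not surface the `es` value for this record until it is re-translated upstream.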


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44994",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.607",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <=\u00a01.9.8 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcodes-ui/wordpress-shortcodes-ui-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-45240",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.680",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:55:56.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.06",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5904",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}
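Review bot: The added `cpeMatch` entry bounds the affected Acronis Agent range with `"versionEndExcluding": "c23.06"`, while the description in the same record gives the fix boundary as "before build 35739", and nothing in the record states how the build number maps to that version string. Tooling that inventories the agent by build number will presumably not match this CPE range without a separate mapping, so the vendor advisory in `references` should be treated as the authority for the fixed build. The same pairing appears in the sections for CVE-2023-45241, CVE-2023-45242 and CVE-2023-45243. The operating-system nodes are all `"vulnerable": false` under an `AND` operator, so they describe the platform the agent runs on and should not be reported as affected products.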


@ -2,15 +2,41 @@
"id": "CVE-2023-45241",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.757",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:55:45.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Se filtra informaci\u00f3n confidencial a trav\u00e9s de archivos de registro. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.06",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5999",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-45242",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.827",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:55:33.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.06",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-6018",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-45243",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-05T22:15:12.890",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-10T14:55:20.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c23.06",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-6019",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-4966",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-10-10T14:15:10.977",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA ?virtual?server.\u00a0\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX579459",
"source": "secure@citrix.com"
}
]
}
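Review bot: The English description value in this new record carries extraction damage: `AAA ?virtual?server` has literal `?` where the rest of the string uses `\u00a0`, and the text ends in `\n\n\n\n`. Consumers that display or keyword-match descriptions should normalise whitespace and trim the value, reading the phrase as presumably "AAA virtual server". The record is also internally uneven: the description states only sensitive information disclosure, while the CNA weakness is `CWE-119` and the vector has `I:H`. The status is `Awaiting Analysis` with only a `Secondary` score from the CNA, so triage should use the 9.4 CRITICAL CNA score now rather than wait for an NVD `Primary` entry.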


@ -2,12 +2,12 @@
"id": "CVE-2023-5168",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-27T15:19:42.067",
"lastModified": "2023-09-29T18:44:04.247",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T15:15:10.773",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3."
"value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3."
},
{
"lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2023-5370",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-10-04T04:15:15.593",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:58:09.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "En la CPU 0, se llama a la verificaci\u00f3n del workaround de SMCCC antes de que se haya inicializado el soporte de SMCCC. Esto result\u00f3 en que no se instalaran workarounds de ejecuci\u00f3n especulativa en la CPU 0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
},
{
"source": "secteam@freebsd.org",
"type": "Secondary",
@ -27,10 +60,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
}
]
}
]
}
],
"references": [
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5441",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-05T21:15:11.413",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T14:51:58.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960."
},
{
"lang": "es",
"value": "Desreferencia del puntero NULL en el repositorio de GitHub vim/vim anterior a 20d161ace307e28690229b68584f2d84556f8960."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1994",
"matchCriteriaId": "B5232E4F-BD11-4DBF-B60E-C211E5D1B724"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5488",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-10T14:15:11.123",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241640",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241640",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5489",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-10T15:15:10.850",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/s45_upload_%20uploadfile.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241641",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241641",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5490",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-10T15:15:10.927",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/s45_upload_%20userattestation.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241642",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241642",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5491",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-10T15:15:11.003",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/s45_upload_changelogo.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241643",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241643",
"source": "cna@vuldb.com"
}
]
}
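Review bot: The description of CVE-2023-5491 names the file `/sysmanage/updatelib.php` and the argument `file_upload`, which is the same file and argument given for CVE-2023-5488 earlier in this commit, yet its first reference points to `s45_upload_changelogo.md`. The affected path may have been carried over from the sibling record, so detection content or virtual-patching rules keyed on the path in the description should be checked against the referenced advisory first. The description also calls the issue critical, while the only scores present are the CNA's 6.3 MEDIUM (CVSS 3.0) and 6.5 (CVSS 2.0). The record is still `Awaiting Analysis`, so prioritisation tooling that reads `baseSeverity` alone will rank this unrestricted upload (`CWE-434`) lower than the wording suggests.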


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5499",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-10T14:15:11.213",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/shenzhen-reachfar-v28-information-exposure",
"source": "cve-coordination@incibe.es"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-10T14:00:25.269803+00:00
2023-10-10T16:00:25.314327+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-10T13:44:00.017000+00:00
2023-10-10T15:47:36.710000+00:00
```
### Last Data Feed Release
@ -29,64 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227341
227360
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `19`
* [CVE-2023-44763](CVE-2023/CVE-2023-447xx/CVE-2023-44763.json) (`2023-10-10T12:15:09.870`)
* [CVE-2023-39447](CVE-2023/CVE-2023-394xx/CVE-2023-39447.json) (`2023-10-10T13:15:20.613`)
* [CVE-2023-40534](CVE-2023/CVE-2023-405xx/CVE-2023-40534.json) (`2023-10-10T13:15:20.730`)
* [CVE-2023-40537](CVE-2023/CVE-2023-405xx/CVE-2023-40537.json) (`2023-10-10T13:15:20.840`)
* [CVE-2023-40542](CVE-2023/CVE-2023-405xx/CVE-2023-40542.json) (`2023-10-10T13:15:20.937`)
* [CVE-2023-41085](CVE-2023/CVE-2023-410xx/CVE-2023-41085.json) (`2023-10-10T13:15:21.050`)
* [CVE-2023-41253](CVE-2023/CVE-2023-412xx/CVE-2023-41253.json) (`2023-10-10T13:15:21.150`)
* [CVE-2023-41373](CVE-2023/CVE-2023-413xx/CVE-2023-41373.json) (`2023-10-10T13:15:21.227`)
* [CVE-2023-41964](CVE-2023/CVE-2023-419xx/CVE-2023-41964.json) (`2023-10-10T13:15:21.417`)
* [CVE-2023-42768](CVE-2023/CVE-2023-427xx/CVE-2023-42768.json) (`2023-10-10T13:15:21.507`)
* [CVE-2023-43485](CVE-2023/CVE-2023-434xx/CVE-2023-43485.json) (`2023-10-10T13:15:21.590`)
* [CVE-2023-43611](CVE-2023/CVE-2023-436xx/CVE-2023-43611.json) (`2023-10-10T13:15:21.687`)
* [CVE-2023-43746](CVE-2023/CVE-2023-437xx/CVE-2023-43746.json) (`2023-10-10T13:15:21.783`)
* [CVE-2023-43785](CVE-2023/CVE-2023-437xx/CVE-2023-43785.json) (`2023-10-10T13:15:21.877`)
* [CVE-2023-43786](CVE-2023/CVE-2023-437xx/CVE-2023-43786.json) (`2023-10-10T13:15:22.023`)
* [CVE-2023-43787](CVE-2023/CVE-2023-437xx/CVE-2023-43787.json) (`2023-10-10T13:15:22.083`)
* [CVE-2023-43788](CVE-2023/CVE-2023-437xx/CVE-2023-43788.json) (`2023-10-10T13:15:22.137`)
* [CVE-2023-45219](CVE-2023/CVE-2023-452xx/CVE-2023-45219.json) (`2023-10-10T13:15:22.297`)
* [CVE-2023-45226](CVE-2023/CVE-2023-452xx/CVE-2023-45226.json) (`2023-10-10T13:15:22.383`)
* [CVE-2023-5450](CVE-2023/CVE-2023-54xx/CVE-2023-5450.json) (`2023-10-10T13:15:22.617`)
* [CVE-2023-30801](CVE-2023/CVE-2023-308xx/CVE-2023-30801.json) (`2023-10-10T14:15:10.493`)
* [CVE-2023-44241](CVE-2023/CVE-2023-442xx/CVE-2023-44241.json) (`2023-10-10T14:15:10.617`)
* [CVE-2023-44470](CVE-2023/CVE-2023-444xx/CVE-2023-44470.json) (`2023-10-10T14:15:10.797`)
* [CVE-2023-4966](CVE-2023/CVE-2023-49xx/CVE-2023-4966.json) (`2023-10-10T14:15:10.977`)
* [CVE-2023-5488](CVE-2023/CVE-2023-54xx/CVE-2023-5488.json) (`2023-10-10T14:15:11.123`)
* [CVE-2023-5499](CVE-2023/CVE-2023-54xx/CVE-2023-5499.json) (`2023-10-10T14:15:11.213`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T14:15:10.883`)
* [CVE-2023-30802](CVE-2023/CVE-2023-308xx/CVE-2023-30802.json) (`2023-10-10T15:15:09.880`)
* [CVE-2023-30803](CVE-2023/CVE-2023-308xx/CVE-2023-30803.json) (`2023-10-10T15:15:09.957`)
* [CVE-2023-30804](CVE-2023/CVE-2023-308xx/CVE-2023-30804.json) (`2023-10-10T15:15:10.033`)
* [CVE-2023-30805](CVE-2023/CVE-2023-308xx/CVE-2023-30805.json) (`2023-10-10T15:15:10.107`)
* [CVE-2023-30806](CVE-2023/CVE-2023-308xx/CVE-2023-30806.json) (`2023-10-10T15:15:10.170`)
* [CVE-2023-44471](CVE-2023/CVE-2023-444xx/CVE-2023-44471.json) (`2023-10-10T15:15:10.243`)
* [CVE-2023-44475](CVE-2023/CVE-2023-444xx/CVE-2023-44475.json) (`2023-10-10T15:15:10.320`)
* [CVE-2023-44476](CVE-2023/CVE-2023-444xx/CVE-2023-44476.json) (`2023-10-10T15:15:10.397`)
* [CVE-2023-44994](CVE-2023/CVE-2023-449xx/CVE-2023-44994.json) (`2023-10-10T15:15:10.607`)
* [CVE-2023-5489](CVE-2023/CVE-2023-54xx/CVE-2023-5489.json) (`2023-10-10T15:15:10.850`)
* [CVE-2023-5490](CVE-2023/CVE-2023-54xx/CVE-2023-5490.json) (`2023-10-10T15:15:10.927`)
* [CVE-2023-5491](CVE-2023/CVE-2023-54xx/CVE-2023-5491.json) (`2023-10-10T15:15:11.003`)
### CVEs modified in the last Commit
Recently modified CVEs: `157`
Recently modified CVEs: `25`
* [CVE-2023-44084](CVE-2023/CVE-2023-440xx/CVE-2023-44084.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-44085](CVE-2023/CVE-2023-440xx/CVE-2023-44085.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-44086](CVE-2023/CVE-2023-440xx/CVE-2023-44086.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-44087](CVE-2023/CVE-2023-440xx/CVE-2023-44087.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-44315](CVE-2023/CVE-2023-443xx/CVE-2023-44315.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-45204](CVE-2023/CVE-2023-452xx/CVE-2023-45204.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-45205](CVE-2023/CVE-2023-452xx/CVE-2023-45205.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-45601](CVE-2023/CVE-2023-456xx/CVE-2023-45601.json) (`2023-10-10T12:16:32.703`)
* [CVE-2023-45245](CVE-2023/CVE-2023-452xx/CVE-2023-45245.json) (`2023-10-10T12:22:17.773`)
* [CVE-2023-38537](CVE-2023/CVE-2023-385xx/CVE-2023-38537.json) (`2023-10-10T13:05:44.463`)
* [CVE-2023-5399](CVE-2023/CVE-2023-53xx/CVE-2023-5399.json) (`2023-10-10T13:07:01.630`)
* [CVE-2023-5391](CVE-2023/CVE-2023-53xx/CVE-2023-5391.json) (`2023-10-10T13:07:17.587`)
* [CVE-2023-42448](CVE-2023/CVE-2023-424xx/CVE-2023-42448.json) (`2023-10-10T13:07:59.467`)
* [CVE-2023-3576](CVE-2023/CVE-2023-35xx/CVE-2023-3576.json) (`2023-10-10T13:09:39.637`)
* [CVE-2023-3428](CVE-2023/CVE-2023-34xx/CVE-2023-3428.json) (`2023-10-10T13:10:46.850`)
* [CVE-2023-5371](CVE-2023/CVE-2023-53xx/CVE-2023-5371.json) (`2023-10-10T13:13:05.367`)
* [CVE-2023-44270](CVE-2023/CVE-2023-442xx/CVE-2023-44270.json) (`2023-10-10T13:15:22.197`)
* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-10-10T13:29:19.913`)
* [CVE-2023-2422](CVE-2023/CVE-2023-24xx/CVE-2023-2422.json) (`2023-10-10T13:30:12.550`)
* [CVE-2023-1584](CVE-2023/CVE-2023-15xx/CVE-2023-1584.json) (`2023-10-10T13:30:47.280`)
* [CVE-2023-44272](CVE-2023/CVE-2023-442xx/CVE-2023-44272.json) (`2023-10-10T13:31:11.370`)
* [CVE-2023-38538](CVE-2023/CVE-2023-385xx/CVE-2023-38538.json) (`2023-10-10T13:33:25.143`)
* [CVE-2023-20268](CVE-2023/CVE-2023-202xx/CVE-2023-20268.json) (`2023-10-10T13:35:15.353`)
* [CVE-2023-5369](CVE-2023/CVE-2023-53xx/CVE-2023-5369.json) (`2023-10-10T13:36:09.800`)
* [CVE-2023-43804](CVE-2023/CVE-2023-438xx/CVE-2023-43804.json) (`2023-10-10T13:44:00.017`)
* [CVE-2015-8104](CVE-2015/CVE-2015-81xx/CVE-2015-8104.json) (`2023-10-10T15:15:09.550`)
* [CVE-2022-47175](CVE-2022/CVE-2022-471xx/CVE-2022-47175.json) (`2023-10-10T14:54:55.443`)
* [CVE-2023-4101](CVE-2023/CVE-2023-41xx/CVE-2023-4101.json) (`2023-10-10T14:26:51.557`)
* [CVE-2023-4102](CVE-2023/CVE-2023-41xx/CVE-2023-4102.json) (`2023-10-10T14:29:05.477`)
* [CVE-2023-44211](CVE-2023/CVE-2023-442xx/CVE-2023-44211.json) (`2023-10-10T14:50:19.777`)
* [CVE-2023-5441](CVE-2023/CVE-2023-54xx/CVE-2023-5441.json) (`2023-10-10T14:51:58.117`)
* [CVE-2023-41175](CVE-2023/CVE-2023-411xx/CVE-2023-41175.json) (`2023-10-10T14:52:33.190`)
* [CVE-2023-40745](CVE-2023/CVE-2023-407xx/CVE-2023-40745.json) (`2023-10-10T14:52:48.833`)
* [CVE-2023-42449](CVE-2023/CVE-2023-424xx/CVE-2023-42449.json) (`2023-10-10T14:53:53.467`)
* [CVE-2023-40671](CVE-2023/CVE-2023-406xx/CVE-2023-40671.json) (`2023-10-10T14:54:14.250`)
* [CVE-2023-40008](CVE-2023/CVE-2023-400xx/CVE-2023-40008.json) (`2023-10-10T14:54:19.977`)
* [CVE-2023-27615](CVE-2023/CVE-2023-276xx/CVE-2023-27615.json) (`2023-10-10T14:54:27.890`)
* [CVE-2023-25480](CVE-2023/CVE-2023-254xx/CVE-2023-25480.json) (`2023-10-10T14:54:34.353`)
* [CVE-2023-27448](CVE-2023/CVE-2023-274xx/CVE-2023-27448.json) (`2023-10-10T14:54:39.070`)
* [CVE-2023-25033](CVE-2023/CVE-2023-250xx/CVE-2023-25033.json) (`2023-10-10T14:54:49.983`)
* [CVE-2023-45243](CVE-2023/CVE-2023-452xx/CVE-2023-45243.json) (`2023-10-10T14:55:20.177`)
* [CVE-2023-45242](CVE-2023/CVE-2023-452xx/CVE-2023-45242.json) (`2023-10-10T14:55:33.760`)
* [CVE-2023-45241](CVE-2023/CVE-2023-452xx/CVE-2023-45241.json) (`2023-10-10T14:55:45.433`)
* [CVE-2023-45240](CVE-2023/CVE-2023-452xx/CVE-2023-45240.json) (`2023-10-10T14:55:56.860`)
* [CVE-2023-44213](CVE-2023/CVE-2023-442xx/CVE-2023-44213.json) (`2023-10-10T14:56:30.940`)
* [CVE-2023-44212](CVE-2023/CVE-2023-442xx/CVE-2023-44212.json) (`2023-10-10T14:56:45.633`)
* [CVE-2023-44214](CVE-2023/CVE-2023-442xx/CVE-2023-44214.json) (`2023-10-10T14:56:49.937`)
* [CVE-2023-5370](CVE-2023/CVE-2023-53xx/CVE-2023-5370.json) (`2023-10-10T14:58:09.733`)
* [CVE-2023-44821](CVE-2023/CVE-2023-448xx/CVE-2023-44821.json) (`2023-10-10T15:15:10.547`)
* [CVE-2023-5168](CVE-2023/CVE-2023-51xx/CVE-2023-5168.json) (`2023-10-10T15:15:10.773`)
## Download and Usage