Auto-Update: 2023-09-22T02:00:24.866060+00:00

cad-safe-bot 2023-09-22 02:00:28 +00:00
parent 78bfde9eab
commit 569e374954
49 changed files with 1805 additions and 134 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2023-31716",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:09.757",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31716",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31717",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:11.160",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31717",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/IBMXTEI_5wY",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31718",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:11.353",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31718",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/VCQkEGntN04",
"source": "cve@mitre.org"
}
]
}
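Review bot: The English description in this new CVE-2023-31718 record reads "vulnerable to Local via Inclusion via /api/download", which looks like a garbled "Local File Inclusion"; the sibling record CVE-2023-31716 in this commit uses that phrase. The intended line is presumably `"value": "FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download."`, but the text appears to be mirrored as received from the source, so the correction belongs upstream rather than in this file. Until it is fixed, keyword searches and detection content that match on "Local File Inclusion" will not find this entry. The record also has an empty `metrics` object and no weakness entry while it is "Undergoing Analysis", so consumers should track it by CVE id rather than by description text or score.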


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31719",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:11.480",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31719",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/cjb2KYpV6dY",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34576",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T20:15:10.133",
"lastModified": "2023-09-21T20:15:10.133",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-34577",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T17:15:16.050",
"lastModified": "2023-09-21T17:15:16.050",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Prestashop opartplannedpopup 1.4.11 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del m\u00e9todo OpartPlannedPopupModuleFrontController::prepareHook()."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-38343",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T21:15:09.747",
"lastModified": "2023-09-21T21:15:09.747",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38344",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T21:15:10.877",
"lastModified": "2023-09-21T21:15:10.877",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38886",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T01:15:56.153",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:30:11.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Un problema en Dolibarr ERP CRM v.17.0.1 y anteriores permite a un atacante remoto con privilegios ejecutar c\u00f3digo arbitrario a trav\u00e9s de un comando/script maniulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.0.1",
"matchCriteriaId": "BCEE13D4-508A-405B-8889-8BB2F29B2903"
}
]
}
]
}
],
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T01:15:56.327",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:48:21.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Vulnerabilidad de carga de archivos en Dolibarr ERP CRM v.17.0.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n sensible a trav\u00e9s de las funciones de filtrado y cambio de nombre de la extensi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.0.1",
"matchCriteriaId": "BCEE13D4-508A-405B-8889-8BB2F29B2903"
}
]
}
]
}
],
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38888",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T01:15:56.580",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:37:33.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Vulnerabilidad de Cross Site Scripting en Dolibarr ERP CRM v.17.0.1 y anteriores permite a un atacante remoto obtener informaci\u00f3n sensible y ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00f3dulo REST API, relacionado con analyseVarsForSqlAndScriptsInjection y testSqlAndScriptInject."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.0.1",
"matchCriteriaId": "BCEE13D4-508A-405B-8889-8BB2F29B2903"
}
]
}
]
}
],
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40931",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T23:15:09.153",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:11:49.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nagios XI desde la versi\u00f3n 5.11.0 hasta la 5.11.1 inclusive permite a atacantes autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro ID en la solicitud POST a /nagiosxi/admin/banner_message-ajaxhelper.php"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.11.2",
"matchCriteriaId": "7BA69A3A-E1A4-45C5-859C-51F4E92B32C6"
}
]
}
]
}
],
"references": [
{
"url": "http://nagios.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.nagios.com/products/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40932",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T23:15:10.237",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:13:09.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Una vulnerabilidad de A Cross-Site scripting (XSS) en Nagios XI versi\u00f3n 5.11.1 y anteriores permite a atacantes autenticados con acceso al componente del logotipo personalizado inyectar javascript o HTML de su elecci\u00f3n a trav\u00e9s del campo de texto alternativo. Esto afecta a todas las p\u00e1ginas que contienen la barra de navegaci\u00f3n, incluida la p\u00e1gina de inicio de sesi\u00f3n, lo que significa que el atacante puede robar credenciales de texto plano."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.2",
"matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727"
}
]
}
]
}
],
"references": [
{
"url": "http://nagios.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.nagios.com/products/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40933",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T23:15:10.533",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:05:36.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nagios XI v5.11.1 y anteriores permite a atacantes autenticados con privilegios de configuraci\u00f3n de banners de anuncios ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ID enviado a la funci\u00f3n update_banner_message()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.2",
"matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727"
}
]
}
]
}
],
"references": [
{
"url": "http://nagios.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.nagios.com/products/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40934",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T23:15:10.677",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T01:20:26.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nagios XI 5.11.1 y versiones anteriores permite a atacantes autenticados con privilegios administrar las escaladas en m\u00e1quinas anfitri\u00f3n en Core Configuration Manager para ejecutar comandos SQL arbitrarios a trav\u00e9s de la configuraci\u00f3n de notificaci\u00f3n de escalada de host."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.2",
"matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727"
}
]
}
]
}
],
"references": [
{
"url": "http://nagios.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.nagios.com/products/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-41064",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-07T18:15:07.727",
"lastModified": "2023-09-21T19:15:10.657",
"lastModified": "2023-09-22T00:15:11.780",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-11",
"cisaActionDue": "2023-10-02",
@ -113,6 +113,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/4",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213905",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-41614",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T23:15:09.947",
"lastModified": "2023-09-21T23:15:09.947",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-41616",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T23:15:11.737",
"lastModified": "2023-09-21T23:15:11.737",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-41991",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.283",
"lastModified": "2023-09-21T20:15:10.343",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-41992",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.520",
"lastModified": "2023-09-21T20:15:10.467",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
"lastModified": "2023-09-21T19:15:11.660",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-42261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T22:15:11.823",
"lastModified": "2023-09-21T22:15:11.823",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-42279",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T18:15:12.200",
"lastModified": "2023-09-21T18:15:12.200",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-42280",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T19:15:11.823",
"lastModified": "2023-09-21T19:15:11.823",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-42456",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T16:15:09.980",
"lastModified": "2023-09-21T16:15:09.980",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-42458",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:22.483",
"lastModified": "2023-09-21T17:15:22.483",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission."
},
{
"lang": "es",
"value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. Antes de las versiones 4.8.10 y 5.8.5, existe una vulnerabilidad de Stored Cross Site Scripting para im\u00e1genes SVG. Tenga en cuenta que una etiqueta de imagen con una imagen SVG como fuente nunca es vulnerable, incluso cuando la imagen SVG contiene c\u00f3digo malicioso. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que cargar una imagen y luego enga\u00f1ar al usuario para que siga un enlace especialmente manipulado. Los parches est\u00e1n disponibles en Zope 4.8.10 y 5.8.5. Como workaround, aseg\u00farese de que el permiso \"Agregar documentos, im\u00e1genes y archivos\" solo est\u00e9 asignado a roles confiables. De forma predeterminada, s\u00f3lo el Administrador tiene este permiso."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-42482",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T20:15:10.550",
"lastModified": "2023-09-21T20:15:10.550",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-42521",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T07:15:37.663",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:41:18.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a trav\u00e9s del procesamiento de un archivo comprimido. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42522",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T07:15:37.880",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:49:00.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a trav\u00e9s del procesamiento de una estructura de importaci\u00f3n en un archivo PE. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42523",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T07:15:37.953",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:52:35.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo mediante el desempaquetado de un archivo PE. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42524",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T07:15:38.040",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:53:34.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten un bucle infinito en un motor de escaneo a trav\u00e9s de tipos de archivos no especificados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42525",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T07:15:38.193",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:55:05.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten un bucle infinito en un motor de escaneo a trav\u00e9s de tipos de archivos no especificados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42526",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T06:15:08.203",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:35:53.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Algunos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a trav\u00e9s de la descompresi\u00f3n de archivos de datos manipulados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-42805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.353",
"lastModified": "2023-09-21T17:15:23.353",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases."
},
{
"lang": "es",
"value": "quinn-proto es una m\u00e1quina de estados para el protocolo de transporte QUIC. Antes de las versiones 0.9.5 y 0.10.5, recibir tramas QUIC desconocidas en un paquete QUIC pod\u00eda provocar p\u00e1nico. El problema se solucion\u00f3 en las versiones de mantenimiento 0.9.5 y 0.10.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-42806",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.583",
"lastModified": "2023-09-21T17:15:23.583",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants."
},
{
"lang": "es",
"value": " Hydra es the layer-two scalability solution para Cardano. Antes de la versi\u00f3n 0.13.0, no firmar ni verificar `$\\mathsf{cid}$` permite que un atacante (que debe ser un participante de este encabezado) use una instant\u00e1nea de una instancia principal anterior con los mismos participantes para cerrar el encabezado o disputar al Estado. Esto puede llevar a una distribuci\u00f3n incorrecta del valor (= ataque de extracci\u00f3n de valor; dif\u00edcil, pero posible) o impedir que la cabeza finalice porque el valor disponible no es consistente con el estado utxo cerrado (= denegaci\u00f3n de servicio; f\u00e1cil). Est\u00e1 previsto un parche para la versi\u00f3n 0.13.0. Como workaround, rote las claves entre los cabezales para no reutilizarlas y no generar los mismos participantes con firmas m\u00faltiples."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-42807",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.950",
"lastModified": "2023-09-21T17:15:23.950",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app."
},
{
"lang": "es",
"value": "Frappe LMS es un sistema de gesti\u00f3n de aprendizaje de c\u00f3digo abierto. En las versiones 1.0.0 y anteriores, en la P\u00e1gina Personas de LMS, hab\u00eda una vulnerabilidad de inyecci\u00f3n SQL. El problema se ha solucionado en la rama \"principal\". Los usuarios no enfrentar\u00e1n este problema si usan la \u00faltima rama principal de la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-42810",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T18:15:12.327",
"lastModified": "2023-09-21T18:15:12.327",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43114",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T07:15:38.333",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T00:34:04.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,94 @@
"value": "Se descubri\u00f3 un problema en Qt antes de 5.15.16, 6.x antes de 6.2.10 y 6.3.x a 6.5.x antes de 6.5.3 en Windows. Cuando se utiliza el motor de fuentes GDI, si se carga una fuente da\u00f1ada a trav\u00e9s de QFontDatabase::addApplicationFont{FromData], puede hacer que la aplicaci\u00f3n se bloquee debido a la falta de comprobaciones de longitud. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.16",
"matchCriteriaId": "3F65E936-073F-4BA7-94D5-8B0FF18647DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.10",
"matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0",
"versionEndExcluding": "6.5.3",
"matchCriteriaId": "E1D0B762-A0E6-4FAB-BC87-20AC3B0D2534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43128",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T23:15:12.133",
"lastModified": "2023-09-21T23:15:12.133",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43616",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.523",
"lastModified": "2023-09-20T15:17:16.780",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-22T00:15:13.173",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/schollz/croc/issues/594",
"source": "cve@mitre.org",


@ -2,7 +2,7 @@
"id": "CVE-2023-43617",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.617",
"lastModified": "2023-09-20T10:48:49.100",
"lastModified": "2023-09-22T00:15:14.017",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/schollz/croc/issues/596",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-43618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.693",
"lastModified": "2023-09-20T10:48:49.100",
"lastModified": "2023-09-22T00:15:14.457",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/schollz/croc/issues/597",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-43619",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.773",
"lastModified": "2023-09-20T10:48:49.100",
"lastModified": "2023-09-22T00:15:14.680",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/schollz/croc/issues/593",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-43620",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.870",
"lastModified": "2023-09-20T10:48:49.100",
"lastModified": "2023-09-22T00:15:15.040",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/schollz/croc/issues/595",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-43621",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.950",
"lastModified": "2023-09-20T10:48:49.100",
"lastModified": "2023-09-22T00:15:15.380",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/schollz/croc/issues/598",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-4504",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-09-21T23:15:12.293",
"lastModified": "2023-09-21T23:15:12.293",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2023-4863",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T15:15:24.327",
"lastModified": "2023-09-21T03:15:11.910",
"lastModified": "2023-09-22T00:15:15.637",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",
@ -197,6 +197,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/4",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
"source": "chrome-cve-admin@google.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-5068",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-21T23:15:13.497",
"lastModified": "2023-09-21T23:15:13.497",
"vulnStatus": "Received",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-21T23:55:24.894197+00:00
2023-09-22T02:00:24.866060+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-21T23:15:13.497000+00:00
2023-09-22T01:48:21.710000+00:00
```
### Last Data Feed Release
@ -23,33 +23,54 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-09-21T00:00:13.549918+00:00
2023-09-22T00:00:13.541260+00:00
```
### Total Number of included CVEs
```plain
226021
226025
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `4`
* [CVE-2023-42261](CVE-2023/CVE-2023-422xx/CVE-2023-42261.json) (`2023-09-21T22:15:11.823`)
* [CVE-2023-41614](CVE-2023/CVE-2023-416xx/CVE-2023-41614.json) (`2023-09-21T23:15:09.947`)
* [CVE-2023-41616](CVE-2023/CVE-2023-416xx/CVE-2023-41616.json) (`2023-09-21T23:15:11.737`)
* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-21T23:15:12.133`)
* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-21T23:15:12.293`)
* [CVE-2023-5068](CVE-2023/CVE-2023-50xx/CVE-2023-5068.json) (`2023-09-21T23:15:13.497`)
* [CVE-2023-31716](CVE-2023/CVE-2023-317xx/CVE-2023-31716.json) (`2023-09-22T00:15:09.757`)
* [CVE-2023-31717](CVE-2023/CVE-2023-317xx/CVE-2023-31717.json) (`2023-09-22T00:15:11.160`)
* [CVE-2023-31718](CVE-2023/CVE-2023-317xx/CVE-2023-31718.json) (`2023-09-22T00:15:11.353`)
* [CVE-2023-31719](CVE-2023/CVE-2023-317xx/CVE-2023-31719.json) (`2023-09-22T00:15:11.480`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `44`
* [CVE-2022-30114](CVE-2022/CVE-2022-301xx/CVE-2022-30114.json) (`2023-09-21T22:15:09.740`)
* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-09-21T22:15:12.180`)
* [CVE-2023-42456](CVE-2023/CVE-2023-424xx/CVE-2023-42456.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42805](CVE-2023/CVE-2023-428xx/CVE-2023-42805.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42806](CVE-2023/CVE-2023-428xx/CVE-2023-42806.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42807](CVE-2023/CVE-2023-428xx/CVE-2023-42807.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42279](CVE-2023/CVE-2023-422xx/CVE-2023-42279.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42810](CVE-2023/CVE-2023-428xx/CVE-2023-42810.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42280](CVE-2023/CVE-2023-422xx/CVE-2023-42280.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-34576](CVE-2023/CVE-2023-345xx/CVE-2023-34576.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42482](CVE-2023/CVE-2023-424xx/CVE-2023-42482.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-38343](CVE-2023/CVE-2023-383xx/CVE-2023-38343.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-38344](CVE-2023/CVE-2023-383xx/CVE-2023-38344.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-42261](CVE-2023/CVE-2023-422xx/CVE-2023-42261.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41614](CVE-2023/CVE-2023-416xx/CVE-2023-41614.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-41616](CVE-2023/CVE-2023-416xx/CVE-2023-41616.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-5068](CVE-2023/CVE-2023-50xx/CVE-2023-5068.json) (`2023-09-22T01:25:45.750`)
* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-22T01:30:11.830`)
* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-22T01:37:33.650`)
* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-22T01:48:21.710`)
## Download and Usage