Auto-Update: 2023-12-19T17:00:24.690445+00:00

cad-safe-bot 2023-12-19 17:00:28 +00:00
parent 2656f1929f
commit 66343e28c7
70 changed files with 4034 additions and 184 deletions


@ -2,7 +2,7 @@
"id": "CVE-2019-0330", "id": "CVE-2019-0330",
"sourceIdentifier": "cna@sap.com", "sourceIdentifier": "cna@sap.com",
"published": "2019-07-10T20:15:12.263", "published": "2019-07-10T20:15:12.263",
"lastModified": "2020-04-17T18:21:19.640", "lastModified": "2023-12-19T15:32:08.840",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:sap:diagnostics_agents:7.20:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:sap:diagnostics_agent:7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4D02FD3A-5969-4D1C-A9FE-F7DD3E5B72D4" "matchCriteriaId": "ADDA865D-010B-44E9-9523-3817F7872F7A"
} }
] ]
} }
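Review bot: The corrected `cpeMatch` entry replaces the `matchCriteriaId` (`4D02FD3A-…` becomes `ADDA865D-…`) together with the criteria string, so a consumer that caches match results keyed by `matchCriteriaId` keeps a stale entry for `diagnostics_agents` until it re-syncs this record, and nothing in the hunk marks the old id as retired. Downstream tooling therefore has to treat the id as replaced, not appended. The same pattern appears in the CVE-2023-41890 section of this commit, where both `cpeMatch` entries move from `cpe:2.3:a:simplesamlphp:saml2` to `cpe:2.3:a:sustainsys:saml2` with fresh ids; there the old criteria appear to have named a different vendor's product of the same name, so earlier asset matches against `simplesamlphp:saml2` for that CVE are likely false positives and worth re-checking.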


@ -0,0 +1,43 @@
{
"id": "CVE-2021-22962",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:07.697",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
}
]
}
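Review bot: The new record's only description never names the affected product or version, the sole hint is the reference URL to the Avalanche 6.4.2 release notes, and there is no `weaknesses` or `configurations` entry. A consumer that derives affected-product data from `descriptions` and `configurations` gets nothing actionable here, and inferring the product from a reference URL is guesswork, so the record should be handled as incomplete until NVD analysis adds a CPE configuration (the `Awaiting Analysis` status is consistent with that). The CVE-2023-41727 section in this commit has the same shape: a product-agnostic description, a `cvssMetricV30` block rather than 3.1, no `weaknesses`, and the same release-notes reference.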


@ -2,8 +2,8 @@
"id": "CVE-2021-3784", "id": "CVE-2021-3784",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T16:15:09.940", "published": "2023-10-04T16:15:09.940",
"lastModified": "2023-10-11T19:17:11.400", "lastModified": "2023-12-19T15:15:07.850",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -75,7 +75,7 @@
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-285" "value": "CWE-287"
} }
] ]
} }


@ -0,0 +1,55 @@
{
"id": "CVE-2023-1514",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-19T15:15:08.037",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted\u00a0and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000152&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}
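Review bot: The English description embeds a non-breaking space (`\u00a0`) between "trusted" and "and", and contains the wording "by using faking the identity"; both come from the CNA text. A consumer that indexes or de-duplicates descriptions on whitespace-normalised text will treat U+00A0 differently from U+0020 unless it folds Unicode spaces explicitly, which is worth confirming in the ingestion pipeline. The scoring is internally consistent: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N` yields the 7.4 base and the 2.2/5.2 sub-scores shown.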


@ -2,8 +2,8 @@
"id": "CVE-2023-22518", "id": "CVE-2023-22518",
"sourceIdentifier": "security@atlassian.com", "sourceIdentifier": "security@atlassian.com",
"published": "2023-10-31T15:15:08.573", "published": "2023-10-31T15:15:08.573",
"lastModified": "2023-11-08T18:49:56.440", "lastModified": "2023-12-19T16:15:07.883",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cisaExploitAdd": "2023-11-07", "cisaExploitAdd": "2023-11-07",
"cisaActionDue": "2023-11-28", "cisaActionDue": "2023-11-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -165,6 +165,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html",
"source": "security@atlassian.com"
},
{ {
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907", "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907",
"source": "security@atlassian.com", "source": "security@atlassian.com",
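Review bot: The newly added packetstormsecurity.com reference carries no `tags` array, while the existing reference that follows it does (its `"source"` line ends with a comma, so a `tags` list continues outside the hunk). Consumers that flag public exploit availability by looking for an `Exploit` tag on references will not see this entry, which matters more than usual because the record is on the CISA KEV list (`cisaExploitAdd` 2023-11-07). The tagging is NVD's to add, so all the mirror can surface is that `vulnStatus` is now `Modified` and the new reference is untagged pending re-analysis. The two RHSA errata references added to CVE-2023-40660 and CVE-2023-40661 in this commit are in the same position: untagged vendor-fix links that tag-based filters will miss.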


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25715",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T16:15:07.980",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in GamiPress GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
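Review bot: The description `value` ends with a literal `\n\n`, and the product name is repeated ("GamiPress GamiPress …") in what reads as the CNA's templated wording. Consumers that render or hash descriptions should trim trailing whitespace before comparing records, otherwise this record and any later re-issue without the newlines will look like different text. The same trailing `\n\n` appears in the other Patchstack records in this commit: CVE-2023-37390, CVE-2023-44983 and CVE-2023-44991.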


@ -2,8 +2,8 @@
"id": "CVE-2023-2809", "id": "CVE-2023-2809",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.223", "published": "2023-10-04T11:15:10.223",
"lastModified": "2023-10-05T17:06:16.657", "lastModified": "2023-12-19T15:15:08.230",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -60,7 +60,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "nvd@nist.gov", "source": "cve-coordination@incibe.es",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -70,12 +70,12 @@
] ]
}, },
{ {
"source": "cve-coordination@incibe.es", "source": "nvd@nist.gov",
"type": "Secondary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-798" "value": "CWE-312"
} }
] ]
} }
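Review bot: After this change the `Primary` weakness entry is sourced from `cve-coordination@incibe.es` and the `nvd@nist.gov` entry has become `Secondary` with `CWE-312`; the CWE value of the new Primary entry lies outside the hunk. Consumers that assume the `nvd@nist.gov` entry is always the Primary one, or that take the Primary CWE as the canonical classification, will now read the CNA's CWE for this record, and `vulnStatus` of `Modified` suggests NVD has not re-analysed it yet. Worth making sure the ingestion logic selects on `type`, not on `source`, when it needs the Primary weakness.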


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37390",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T16:15:08.193",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/themesflat-addons-for-elementor/wordpress-themesflat-addons-for-elementor-plugin-2-0-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,53 @@
"id": "CVE-2023-40656", "id": "CVE-2023-40656",
"sourceIdentifier": "security@joomla.org", "sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.780", "published": "2023-12-14T09:15:41.780",
"lastModified": "2023-12-14T13:51:59.903", "lastModified": "2023-12-19T16:53:42.183",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A reflected XSS vulnerability was discovered in the Quickform component for Joomla." "value": "A reflected XSS vulnerability was discovered in the Quickform component for Joomla."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el componente Quickform para Joomla."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@joomla.org", "source": "security@joomla.org",
"type": "Secondary", "type": "Secondary",
@ -23,10 +60,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plasma-web:quickform:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "3.3.01",
"matchCriteriaId": "F0DD3902-238D-4575-A333-1E3B3282B4CB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://extensions.joomla.org/extension/quickform/", "url": "https://extensions.joomla.org/extension/quickform/",
"source": "security@joomla.org" "source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }
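Review bot: The new `cpeMatch` entry bounds the affected range with `"versionEndIncluding": "3.3.01"`, a value whose last component has a leading zero; a consumer comparing dotted integers reads it as 3.3.1, while string or semver ordering may place `3.3.01` differently, and no fixed version is encoded (`versionEndExcluding` is absent). Matching of installed Quickform versions against this record should therefore be checked against the vendor advisory rather than trusted mechanically. The `joomla\\!` target-software component is the correct CPE 2.3 escaping of `!`, so that part is fine. The three other Joomla sections in this commit (CVE-2023-40657, CVE-2023-40658, CVE-2023-40659) likewise encode only an inclusive upper bound with no fixed version.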


@ -2,16 +2,53 @@
"id": "CVE-2023-40657", "id": "CVE-2023-40657",
"sourceIdentifier": "security@joomla.org", "sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.850", "published": "2023-12-14T09:15:41.850",
"lastModified": "2023-12-14T13:51:59.903", "lastModified": "2023-12-19T16:10:07.447",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla." "value": "A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el componente Joomdoc para Joomla."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@joomla.org", "source": "security@joomla.org",
"type": "Secondary", "type": "Secondary",
@ -23,10 +60,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artio:joomdoc:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "4.0.5",
"matchCriteriaId": "74DA8F2B-F1D4-4F89-A3FB-91DCDED49B4A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://extensions.joomla.org/extension/joomdoc/", "url": "https://extensions.joomla.org/extension/joomdoc/",
"source": "security@joomla.org" "source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,53 @@
"id": "CVE-2023-40658", "id": "CVE-2023-40658",
"sourceIdentifier": "security@joomla.org", "sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.920", "published": "2023-12-14T09:15:41.920",
"lastModified": "2023-12-14T13:51:59.903", "lastModified": "2023-12-19T16:18:43.973",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla." "value": "A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el m\u00f3dulo Clicky Analytics Dashboard para Joomla."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@joomla.org", "source": "security@joomla.org",
"type": "Secondary", "type": "Secondary",
@ -23,10 +60,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deconf:clicky_analytics_dashboard:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "37465F1B-325C-4B35-A365-4833EA2D086A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://deconf.com/clicky-analytics-dashboard-joomla/", "url": "https://deconf.com/clicky-analytics-dashboard-joomla/",
"source": "security@joomla.org" "source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,53 @@
"id": "CVE-2023-40659", "id": "CVE-2023-40659",
"sourceIdentifier": "security@joomla.org", "sourceIdentifier": "security@joomla.org",
"published": "2023-12-14T09:15:41.993", "published": "2023-12-14T09:15:41.993",
"lastModified": "2023-12-14T13:51:59.903", "lastModified": "2023-12-19T16:19:14.030",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla." "value": "A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad XSS reflejada en el m\u00f3dulo Easy Quick Contact para Joomla."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@joomla.org", "source": "security@joomla.org",
"type": "Secondary", "type": "Secondary",
@ -23,10 +60,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomboost:easy_quick_contact:*:*:*:*:*:joomla\\!:*:*",
"versionStartIncluding": "1.0.0",
"versionEndIncluding": "1.3.0",
"matchCriteriaId": "52396303-D438-4257-BFE0-5167AB751B17"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://extensions.joomla.org/extension/contacts-and-feedback/contact-forms/easy-quick-contact/", "url": "https://extensions.joomla.org/extension/contacts-and-feedback/contact-forms/easy-quick-contact/",
"source": "security@joomla.org" "source": "security@joomla.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2023-40660", "id": "CVE-2023-40660",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T17:15:11.757", "published": "2023-11-06T17:15:11.757",
"lastModified": "2023-12-13T18:15:43.387", "lastModified": "2023-12-19T16:15:08.413",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -123,6 +123,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/2", "url": "http://www.openwall.com/lists/oss-security/2023/12/13/2",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2023:7876",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7879",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-40660", "url": "https://access.redhat.com/security/cve/CVE-2023-40660",
"source": "secalert@redhat.com", "source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-40661", "id": "CVE-2023-40661",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T17:15:11.830", "published": "2023-11-06T17:15:11.830",
"lastModified": "2023-12-13T18:15:43.537", "lastModified": "2023-12-19T16:15:08.527",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -123,6 +123,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/3", "url": "http://www.openwall.com/lists/oss-security/2023/12/13/3",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2023:7876",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7879",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-40661", "url": "https://access.redhat.com/security/cve/CVE-2023-40661",
"source": "secalert@redhat.com", "source": "secalert@redhat.com",


@ -2,19 +2,79 @@
"id": "CVE-2023-41618", "id": "CVE-2023-41618",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T00:15:43.490", "published": "2023-12-14T00:15:43.490",
"lastModified": "2023-12-14T13:52:16.903", "lastModified": "2023-12-19T16:11:02.990",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft." "value": "Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Emlog Pro v2.1.14 contiene una vulnerabilidad de cross-site scripting (XSS) reflejado a trav\u00e9s del componente /admin/article.php?active_savedraft."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*",
"matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41618", "url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41618",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }
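Review bot: The added configuration asserts a single exact version (`cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*`) with no version range, so earlier or later Emlog Pro releases are neither asserted vulnerable nor cleared by this record, and consumers that treat a non-match as "not affected" should not read it that way. The only reference is tagged `Exploit` and `Third Party Advisory` and points at a GitHub repository rather than a vendor advisory, so there is no vendor-confirmed fix version to encode yet. The old `"metrics": {}` line appearing below the inserted block is only the diff alignment; the new `metrics` object replaces it.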


@ -0,0 +1,43 @@
{
"id": "CVE-2023-41727",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-19T16:15:08.623",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
"source": "support@hackerone.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-41890", "id": "CVE-2023-41890",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T15:15:52.863", "published": "2023-09-19T15:15:52.863",
"lastModified": "2023-09-22T15:06:53.240", "lastModified": "2023-12-19T15:16:11.310",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -83,16 +83,16 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.3", "versionEndExcluding": "1.0.3",
"matchCriteriaId": "B7F5976D-E597-4453-BC51-94F0EC54452B" "matchCriteriaId": "1368FC9F-A8F8-490B-BE77-B898DFF61C5F"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:sustainsys:saml2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0", "versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.9.2", "versionEndExcluding": "2.9.2",
"matchCriteriaId": "D5B2D148-2306-49D9-AE0B-EAF6D4B70EE0" "matchCriteriaId": "1E4A2BA7-F6D7-4E13-AA65-EAD3393106B4"
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-43583", "id": "CVE-2023-43583",
"sourceIdentifier": "security@zoom.us", "sourceIdentifier": "security@zoom.us",
"published": "2023-12-13T23:15:07.270", "published": "2023-12-13T23:15:07.270",
"lastModified": "2023-12-14T13:52:16.903", "lastModified": "2023-12-19T15:49:19.407",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access." "value": "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access."
},
{
"lang": "es",
"value": "Los problemas criptogr\u00e1ficos de la aplicaci\u00f3n Zoom Mobile para Android, la aplicaci\u00f3n Zoom Mobile para iOS y los SDK de Zoom para Android e iOS anteriores a la versi\u00f3n 5.16.0 pueden permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{ {
"source": "security@zoom.us", "source": "security@zoom.us",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "security@zoom.us", "source": "security@zoom.us",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,61 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "E725B855-C1FD-40B0-B5DD-164CB83D0F53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "D09B037A-A36E-480E-A180-A2FDBB0CE130"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "76ECB323-FA2E-4C2C-9949-40A068BB46C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "8BB16085-BEA2-4FCF-AA22-F6DD44A2E8DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.16.0",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/", "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/",
"source": "security@zoom.us" "source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }
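Review bot: The NVD `Primary` weakness added here is `NVD-CWE-noinfo`, although the description opens with "Cryptographic issues" and the vendor's `Secondary` weakness (outside the hunk) may carry a specific CWE. Consumers that route findings by the Primary CWE will not pick this record up as a crypto-class issue; they need to fall back to the Secondary entry when the Primary is `NVD-CWE-noinfo`. The six `cpeMatch` entries all use `"versionEndExcluding": "5.16.0"`, matching the "before version 5.16.0" wording, and `PR:H` in the vector matches the "privileged user" wording, so the rest of the analysis is self-consistent.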


@ -0,0 +1,55 @@
{
"id": "CVE-2023-43870",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-12-19T15:15:08.357",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cert@ncsc.nl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cert@ncsc.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.paxton-access.com/systems/net2/",
"source": "cert@ncsc.nl"
}
]
}
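Review bot: The record's only reference is the Net2 product landing page rather than an advisory, and there is no `configurations` block, so neither an affected-version range nor a fixed version is machine-readable here. Given `CWE-798` and a description stating that a root certificate and its password ship with the installer, the practical defender check is whether that root certificate is present in the trusted store of hosts where Net2 was installed; the record does not yet let tooling derive that, and `Awaiting Analysis` should not be read as "no affected versions". The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N` yields the 8.1 shown, so the score itself is consistent.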


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44983",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T16:15:08.787",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44991",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-19T16:15:08.973",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4535", "id": "CVE-2023-4535",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T17:15:12.083", "published": "2023-11-06T17:15:12.083",
"lastModified": "2023-11-14T17:11:24.943", "lastModified": "2023-12-19T16:15:12.243",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -115,6 +115,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7879",
"source": "secalert@redhat.com"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-4535", "url": "https://access.redhat.com/security/cve/CVE-2023-4535",
"source": "secalert@redhat.com", "source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-4590", "id": "CVE-2023-4590",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-27T13:15:07.130", "published": "2023-11-27T13:15:07.130",
"lastModified": "2023-12-01T18:53:07.967", "lastModified": "2023-12-19T15:15:08.793",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -60,7 +60,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "nvd@nist.gov", "source": "cve-coordination@incibe.es",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -70,12 +70,12 @@
] ]
}, },
{ {
"source": "cve-coordination@incibe.es", "source": "nvd@nist.gov",
"type": "Secondary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-119" "value": "CWE-120"
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2023-46104", "id": "CVE-2023-46104",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:07.517", "published": "2023-12-19T10:15:07.517",
"lastModified": "2023-12-19T13:42:12.823", "lastModified": "2023-12-19T15:15:08.547",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -47,6 +47,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/1",
"source": "security@apache.org"
},
{ {
"url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", "url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl",
"source": "security@apache.org" "source": "security@apache.org"

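--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46216",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:09.170",
+"lastModified": "2023-12-19T16:17:45.873",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}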

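--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46217",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:09.337",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}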

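--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46220",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:09.497",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}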

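--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46221",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:09.650",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}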

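--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46222",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:09.797",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}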

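--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46223",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:09.957",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}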

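--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46224",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:10.113",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}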

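--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46225",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:10.260",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}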

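--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46257",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:10.413",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}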

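--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46258",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:10.570",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}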

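--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46259",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:10.720",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}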

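--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46260",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:10.887",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}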

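--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46261",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.043",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}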

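--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46262",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.190",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}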

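--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46263",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.343",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}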

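--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46264",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.493",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}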

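--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46265",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.640",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF)."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.5
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}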

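--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46266",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.787",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.4
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}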

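--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46803",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:11.930",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}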

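--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-46804",
+"sourceIdentifier": "support@hackerone.com",
+"published": "2023-12-19T16:15:12.077",
+"lastModified": "2023-12-19T16:17:42.220",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "support@hackerone.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"references": [
+{
+"url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt",
+"source": "support@hackerone.com"
+}
+]
+}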


@ -2,8 +2,8 @@
"id": "CVE-2023-47620", "id": "CVE-2023-47620",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.197", "published": "2023-12-13T22:15:43.197",
"lastModified": "2023-12-14T13:52:16.903", "lastModified": "2023-12-19T15:27:49.173",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,14 +80,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koush:scrypted:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.55.0",
"matchCriteriaId": "2BA9D00E-03C6-42F6-8D59-93062B442786"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45", "url": "https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/", "url": "https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-47623", "id": "CVE-2023-47623",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.417", "published": "2023-12-13T22:15:43.417",
"lastModified": "2023-12-14T13:52:16.903", "lastModified": "2023-12-19T15:27:59.743",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,14 +70,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koush:scrypted:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.55.0",
"matchCriteriaId": "2BA9D00E-03C6-42F6-8D59-93062B442786"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79", "url": "https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/", "url": "https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-47624", "id": "CVE-2023-47624",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T21:15:07.630", "published": "2023-12-13T21:15:07.630",
"lastModified": "2023-12-13T21:25:53.887", "lastModified": "2023-12-19T15:33:35.507",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available." "value": "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available."
},
{
"lang": "es",
"value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. En las versiones 2.4.3 y anteriores, cualquier usuario (independientemente de sus permisos) puede leer archivos del sistema de archivos local debido a un path traversal en el endpoint `/hls`. Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Al momento de la publicaci\u00f3n, no hay parches disponibles."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.3",
"matchCriteriaId": "19C6C925-7C95-4BEA-8457-E1C2A4BA6526"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32", "url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/", "url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-48225", "id": "CVE-2023-48225",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T21:15:08.237", "published": "2023-12-12T21:15:08.237",
"lastModified": "2023-12-13T01:50:36.127", "lastModified": "2023-12-19T16:30:05.530",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist." "value": "Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist."
},
{
"lang": "es",
"value": "Laf es una plataforma de desarrollo en la nube. Antes de la versi\u00f3n 1.0.0-beta.13, el control del entorno de la aplicaci\u00f3n LAF no era lo suficientemente estricto y, en ciertos escenarios del entorno de privatizaci\u00f3n, puede provocar una filtraci\u00f3n de informaci\u00f3n confidencial en secreto y en el mapa de configuraci\u00f3n. En la sintaxis de ES6, si un objeto hace referencia directamente a otro objeto, el nombre del propio objeto se utilizar\u00e1 como clave y toda la estructura del objeto se integrar\u00e1 intacta. Al construir la instancia de implementaci\u00f3n de la aplicaci\u00f3n, se encontr\u00f3 env en la base de datos y se insert\u00f3 directamente en la plantilla, lo que result\u00f3 en controlabilidad aqu\u00ed. La informaci\u00f3n confidencial en el mapa secreto y de configuraci\u00f3n se puede leer a trav\u00e9s del campo envFrom de k8s. En un entorno de privatizaci\u00f3n, cuando `namespaceConf. fijo` est\u00e1 marcado, puede provocar la fuga de informaci\u00f3n confidencial en el sistema. Al momento de la publicaci\u00f3n, no est\u00e1 claro si existen parches o workarounds."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,18 +70,740 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC5D2AE-45C3-4A97-AB5C-79430E245993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "383C7C56-2620-432F-BC6B-5770A16C0DBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6890672-2C19-4FFD-A4E5-91A9D2F5EBFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86D1F7BF-ACE2-4454-B205-A72F9F499865"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2542658-E744-4583-BEBF-B68389889EF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77888A79-314C-4D77-AA0A-E48C28CD21F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "086FBA72-49FB-4B42-907A-72C0A11FFAFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAD050A-570B-4B4F-99F1-CF6C60CF3DD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D97FBB36-7233-491D-936B-CCA87223B11F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C95FE9A-AC1C-4F8C-85D6-4260B36ED91C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF185E0-FC92-46CA-BDE7-1A1D5D68FE3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "30434067-B21E-42C9-8BAD-0D0E32113C63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3D5C67-9E5C-443F-8A5D-7B8967000425"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A78310C1-FDEA-487D-82EA-5A8976E68320"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD29745-0EAF-4B8F-86B2-1F5972452770"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4450518B-FF3E-4DD4-9143-14D1658BC165"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0051E3-8376-4751-B168-573A52FCE3AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A75E1B-2E71-4326-92B6-EE62819B38A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "85A1BD03-3350-44BB-BCD4-64385F16FE21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AF13954A-D95E-41D5-919E-EFDF88C0F4C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "52410271-BCAF-4D7E-8440-058489A1E09D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "79D196DC-3EE9-4D83-AAFC-753985C61930"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.4.21:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5A33F89F-0B9C-421D-BBD1-A1CD4F50B745"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B12D130-69C1-4133-9379-715F0AFD56DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "AC4F2C4E-0E2E-4304-93E8-5CC21BC48404"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D1EB8667-8C0F-4B89-AAB8-AFC4E11BFF5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "30A2F027-A4DB-40FE-95D4-B0D25F192492"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "D48E2B3F-BB57-4FFD-89E9-3EB9677B6C50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9B5CB3-37B8-4F29-8159-103811F61ED8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.1:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "8EA45AE9-5C0E-4FC8-BEB2-17A0DC934BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACC132E-79A3-441E-8A46-B2022329A6F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.2:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B937B516-7D9D-4732-9FD1-2FAA68D52740"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C922573F-BA99-4356-A7A9-F3891E7A0A57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D94853-0FBE-4CE5-9F44-A647724F6CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.4:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "D289795B-548C-47A1-AC1B-1E1CA2E42A22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CCF2B5-972A-43A5-9707-50D7E328516D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "C60431E8-D778-4AEA-9B12-0F3E39054D4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1732C7-5668-49F7-A7E6-C480FEAED816"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E23AF7-DB5E-4A7C-9CA5-EEBA2CEAD6EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "5E044B08-C93D-41E3-AFE4-9BD402A49460"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.5.8:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "E05E2E80-3D2C-4BE6-A386-AAFCCBD29A9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBD9D88-2E0B-47FF-9A66-8C72C96D016C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "7A633309-101F-4258-BE95-A2574EDDEFBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9B1241A2-80E5-44EE-A3ED-C02122242C6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "95F069C8-0C80-4235-AEEF-960E3330EB07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52FEE0DA-92F1-4606-A58D-BED0D36B8AA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BB41F9FC-F8D8-4638-BE14-EEC43F41A1ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "935AAAC9-A40C-4243-8F9E-7AF56CB6F2BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "B836FBB8-75FC-4316-90DD-68A7A408EEE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "4F11CE31-7424-4D77-AFC4-1DA391F5C0C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "FE3789CC-41B0-4D83-9803-0F5705160673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "F3E72000-0739-4014-8641-22CEF982E4CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "5C9B50C2-BAC7-462E-8EA9-913CF8A5F430"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E676779-C2BE-44D0-8D06-0CEDAA99A9DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6197A337-D1E9-4838-97ED-C9ADBA8A12F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1FCB88-335F-472F-8BA0-C8F55F7F70C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66F1F1A6-AF57-424C-B976-8A0D5A487568"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E85F11-49B5-495D-BF0E-F7E4546A98BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA83054-2A3C-4E6F-8A04-78E49F45CDF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "973DC598-5F25-42B8-83A5-C67287F87A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBF4FD-A026-4EDF-A561-262F1FF861AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "423247D0-A799-4556-99AC-2227EB9C826F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CF41DCC0-3031-45D5-A38D-D3C1327BA52B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5B30F-3F4A-4636-8A36-8026137A46B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1D689BE6-579A-44F5-B956-890E7BAD70DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "73A02E2F-059C-4E8E-99B1-F76676186D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "29E15048-627D-4CF5-91FB-64FA5036BA25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB936119-382C-4358-A682-AB75A34C2DF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD04A17-0762-4B90-9B39-DAFE847D0A92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E60DB9B7-AEB4-4FB0-921B-AF9B9260BD8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5E74F2BB-CFE2-4BE6-9E53-621A8D3BA78F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0C16B372-BA60-4F4D-9B2A-17D96DCCE2F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8257EAB6-C10C-4C27-868B-4B7DE5B80734"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2438AD-AB62-45F6-8D6F-DBBA6A64FA86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C54FCE8A-86DE-4770-AA06-4E27DBAD84F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8664FA-15B2-4516-A4A0-2F922F961815"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9880FDA7-F0EE-4947-BD2A-17DE0A250BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B19DEF92-5910-4942-8D35-B87D35163A67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E309DC-DDFB-4349-9F83-684302A79E72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78624851-5C61-4EE4-B401-46EF49369BA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF79CEC-D34A-4BD5-BEA3-32674A4BC0B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAADB98-9EDF-40E1-BF6E-15BE5236C1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ADB832-1E9F-4B48-AAFA-CBE5CAA3C46B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEBCBDC-D9CD-4147-9716-B744339BD1BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A694A3E7-4AE0-468F-9B20-D8595123191D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4C49567C-907D-48DD-8290-3CC928401AEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FB74C264-BD90-4B51-BB9E-7C5BBADEEBD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBECAD0-C9EC-4DE5-927C-A0DB702F2FBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CB965C-2F16-4298-8E07-2DE2D1D3528F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "08DFED82-998B-4946-94FD-9616FC185B9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "151CAEAB-6D0C-452D-858A-7092AE8EDA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "EB93BC7C-1DC4-4B18-AE91-498DF34C26E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "B9F0CB28-B01B-4951-81F4-7D0431090AEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8614B3F7-460E-46BC-AFB6-6FE0EF511A80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "701BAF33-1FD2-4185-9676-D6C1D96AB83A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "E5A25B77-A0B5-4547-B07F-F30F980B5E0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "22DD423C-73C8-42EC-9737-6513BA28C4D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "70012861-A1E1-4F88-B299-B7C023768BE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "8BB0537B-A5C5-4EDB-B3E6-D354D1A05904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "BC4EEEA5-81B0-4F95-B423-91A6BA5A5337"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "8682C08D-D63F-4061-BFB4-5CE2A4C3D7C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B662C74-56F3-4A07-9FEF-C0AA7343FDB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D38DC671-5460-4B83-8827-2B34527D13E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC147EDB-59DB-4350-850E-B7E9ABF28E69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3B7E4-1B2D-4592-9F88-D2A8FC725051"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCF699B-2394-4ECE-9BBF-A740FF942976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.5:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "F12AFDE1-CCFD-49D6-A821-8053F79BCD7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D57ACD-51E3-4140-8C1A-C183CB8DB5EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BFA988-05C2-4A3D-B507-648739A27A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "75A482E7-2512-4844-8C7C-5696DDD65720"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9ED8003F-B0DD-43C1-B0D2-63CD1A43EC0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9208895A-0F02-49E4-8B01-D0962D285DAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "8BA93B6B-4E7F-4B44-B78C-DC35573377E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D21EF321-5D3C-4143-ACAA-A8C334F30430"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "82EF5E61-99AC-4274-B5B7-77F9A349B79F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1490C4A2-E9EB-45AB-9838-3188BD643458"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F60862FB-0D1A-4924-AE87-23CCBC8F5859"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27444410-B533-446C-8CF8-E3CABE154BA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:0.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3519A657-2DEB-41BE-9643-D69242509C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B1764706-9BB1-4D71-B30B-FAE1D316EDA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "9634E59F-6E59-4E40-8D15-C07E266D10AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "D8C6EE4C-C95B-4F31-AC7D-1C4D01CBA05C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "2B7D144B-6E01-45DC-A56E-D764E7ECC42E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "078745FE-C0D3-493C-8A86-2CA0858E0725"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "0A811BDA-BBF6-4AF0-9CEE-DAD5A82DB037"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "00EB0B8E-3C5B-48EE-A2F9-4955BCD26E82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "1AAFA313-8207-4B25-AEC9-1248047F0E92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2332C03F-DDA8-4BB1-BAF2-9EF4BDBFAD2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "1493BEDA-DEE8-43DB-A158-1CBBDC6A22BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "63DFCB3B-210D-4D79-A3CD-651864203AF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "017F976F-48D2-4CBB-BDEB-9C2C4855D0E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "A529B7EA-CF43-4D68-9415-F1A6C5E0B485"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F6804F77-96BB-4A9F-AEED-F7FCFA4E9CF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "514EEA63-19EF-4B30-8CC9-EBB9C6D6A9CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "06B75B74-DE29-4BC1-B306-D249B9777997"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "AF190F7D-606D-4514-A97E-3959C426D96D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "261D68C2-2D75-42EB-BD53-794C86494AC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "1A1CB913-8A5A-42AE-B0D8-A1D428872103"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "B6C443B8-2883-473A-B66F-C90F212E7AE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laf:laf:1.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "52D11C49-3F12-4569-951A-8FA151C79259"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50", "url": "https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306", "url": "https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp", "url": "https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }
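Review bot: The configurations block for CVE-2023-48225 marks `cpe:2.3:a:laf:laf:1.0.0:beta13:*:*:*:*:*:*` (matchCriteriaId `A529B7EA-CF43-4D68-9415-F1A6C5E0B485`) as vulnerable, while the description on the same record scopes the issue to "Prior to version 1.0.0-beta.13". Any matcher built on this mirror will therefore flag beta13 deployments as affected; this may be deliberate, since the description also says it is unclear whether a patch exists, but the two statements disagree and the discrepancy belongs upstream at NVD rather than in a local edit of the mirrored file. Note also that this record enumerates every pre-release tag individually instead of using a `versionEndExcluding` range as the Dell and Audiobookshelf records in this commit do, so newly published tags will not be covered until the feed is re-analyzed.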


@ -2,16 +2,40 @@
"id": "CVE-2023-48664", "id": "CVE-2023-48664",
"sourceIdentifier": "security_alert@emc.com", "sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.640", "published": "2023-12-14T16:15:49.640",
"lastModified": "2023-12-14T17:17:54.510", "lastModified": "2023-12-19T16:41:04.083",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n" "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n"
},
{
"lang": "es",
"value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad y llevar a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema afectado."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "security_alert@emc.com", "source": "security_alert@emc.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{ {
"source": "security_alert@emc.com", "source": "security_alert@emc.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,43 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.5",
"matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.7",
"matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*",
"matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com" "source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-48665", "id": "CVE-2023-48665",
"sourceIdentifier": "security_alert@emc.com", "sourceIdentifier": "security_alert@emc.com",
"published": "2023-12-14T16:15:49.847", "published": "2023-12-14T16:15:49.847",
"lastModified": "2023-12-14T17:17:54.510", "lastModified": "2023-12-19T16:45:27.163",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n" "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n"
},
{
"lang": "es",
"value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad y llevar a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema afectado."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "security_alert@emc.com", "source": "security_alert@emc.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{ {
"source": "security_alert@emc.com", "source": "security_alert@emc.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,43 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.5",
"matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.4.7",
"matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*",
"matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com" "source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-49296", "id": "CVE-2023-49296",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T20:15:49.587", "published": "2023-12-13T20:15:49.587",
"lastModified": "2023-12-13T21:25:53.887", "lastModified": "2023-12-19T15:43:13.307",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.\n" "value": "The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.\n"
},
{
"lang": "es",
"value": "Arduino Create Agent permite a los usuarios utilizar las aplicaciones Arduino Create para cargar c\u00f3digo a cualquier placa Arduino conectada por USB directamente desde el navegador. Una vulnerabilidad en versiones anteriores a la 1.3.6 afecta el endpoint `/certificate.crt` y la forma en que la interfaz web de ArduinoCreateAgent maneja los mensajes de error personalizados. Un atacante que sea capaz de persuadir a una v\u00edctima para que haga clic en un enlace malicioso puede realizar un ataque de Cross-Site Scripting Reflejadas en la interfaz web del agente de creaci\u00f3n, lo que permitir\u00eda al atacante ejecutar c\u00f3digo arbitrario del lado del cliente del navegador. La versi\u00f3n 1.3.6 contiene una soluci\u00f3n para el problema."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arduino:create_agent:*:*:*:*:*:go:*:*",
"versionEndExcluding": "1.3.6",
"matchCriteriaId": "1CBC26B9-A0DB-4ACB-B742-FC7B93D56A7C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/arduino/arduino-create-agent/commit/9a0e582bb8a1ff8e70d202943ddef8625ccefcc8", "url": "https://github.com/arduino/arduino-create-agent/commit/9a0e582bb8a1ff8e70d202943ddef8625ccefcc8",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-j5hc-wx84-844h", "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-j5hc-wx84-844h",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2023-49734", "id": "CVE-2023-49734",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:08.007", "published": "2023-12-19T10:15:08.007",
"lastModified": "2023-12-19T13:42:12.823", "lastModified": "2023-12-19T15:15:08.633",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -47,6 +47,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/3",
"source": "security@apache.org"
},
{ {
"url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5", "url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5",
"source": "security@apache.org" "source": "security@apache.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-49736", "id": "CVE-2023-49736",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-12-19T10:15:08.323", "published": "2023-12-19T10:15:08.323",
"lastModified": "2023-12-19T13:42:12.823", "lastModified": "2023-12-19T15:15:08.717",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -47,6 +47,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/2",
"source": "security@apache.org"
},
{ {
"url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p", "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p",
"source": "security@apache.org" "source": "security@apache.org"


@ -2,16 +2,40 @@
"id": "CVE-2023-49770", "id": "CVE-2023-49770",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-14T16:15:51.660", "published": "2023-12-14T16:15:51.660",
"lastModified": "2023-12-14T17:17:54.510", "lastModified": "2023-12-19T16:53:26.097",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.\n\n" "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Peter Raschendorfer Smart External Link Click Monitor [Link Log] permite almacenar XSS. Este problema afecta Smart External Link Click Monitor [Link Log]: de n/a hasta 5.0.2."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +70,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:petersplugins:smart_external_link_click_monitor_\\[link_log\\]:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0.2",
"matchCriteriaId": "51CF357F-C232-4FAE-A5EC-B019E6C548F2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/link-log/wordpress-smart-external-link-click-monitor-link-log-plugin-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/link-log/wordpress-smart-external-link-click-monitor-link-log-plugin-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-49878", "id": "CVE-2023-49878",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-13T21:15:08.243", "published": "2023-12-13T21:15:08.243",
"lastModified": "2023-12-13T21:25:53.887", "lastModified": "2023-12-19T15:31:33.753",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652." "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652."
},
{
"lang": "es",
"value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED y 3957-VEC podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 272652."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,163 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.52.103.23",
"matchCriteriaId": "E6AE6909-E2BD-4E40-ACCF-42539FC45520"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F27A40-DCF1-49D5-8550-C9135A7775C2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.53.1.21",
"matchCriteriaId": "7D6C62B2-B179-40AE-8D3E-0C1C44B129C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75A467BF-72F2-428C-AD92-DAD31C5D1E6B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.52.103.23",
"matchCriteriaId": "6CA58C54-0E7F-40F6-9204-8961A58BCECA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F009408-2553-4A3D-808A-E390295A66E0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.53.1.21",
"matchCriteriaId": "E04A6F2B-1762-48FD-A794-9E01D1D9E3C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29DAE222-4508-4BCA-B17D-2CEBF1A34B4A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3948-ved_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.53.1.21",
"matchCriteriaId": "0DA59D69-2B5C-4728-AF12-6C7D59A9CD38"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3948-ved:r5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDA91D5-7A2D-4047-B3FB-21EF8274C2AA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272652", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272652",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7092383", "url": "https://www.ibm.com/support/pages/node/7092383",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-49922", "id": "CVE-2023-49922",
"sourceIdentifier": "bressers@elastic.co", "sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-12T19:15:08.307", "published": "2023-12-12T19:15:08.307",
"lastModified": "2023-12-12T20:20:16.707", "lastModified": "2023-12-19T15:11:00.423",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default." "value": "An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
},
{
"lang": "es",
"value": "Elastic descubri\u00f3 un problema por el cual Beats y Elastic Agent registraban un evento sin procesar en sus propios registros en el nivel WARN o ERROR si fallaba la ingesta de ese evento en Elasticsearch con cualquier c\u00f3digo de estado HTTP 4xx excepto 409 o 429. Dependiendo de la naturaleza del en caso de que Beats o Elastic Agent intentaran ingerir, esto podr\u00eda dar lugar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros de Beats o Elastic Agent. Elastic lanz\u00f3 8.11.3 y 7.17.16 que evitan este problema al limitar estos tipos de registros al registro de nivel DEBUG, que est\u00e1 deshabilitado de forma predeterminada."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{ {
"source": "bressers@elastic.co", "source": "bressers@elastic.co",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{ {
"source": "bressers@elastic.co", "source": "bressers@elastic.co",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.17.16",
"matchCriteriaId": "45E5E452-50F8-4765-BF65-400C6EA1F358"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.11.3",
"matchCriteriaId": "FD7E1624-732C-4BEB-B644-051F0A670F18"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180", "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180",
"source": "bressers@elastic.co" "source": "bressers@elastic.co",
"tags": [
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-49923", "id": "CVE-2023-49923",
"sourceIdentifier": "bressers@elastic.co", "sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-12T18:15:23.153", "published": "2023-12-12T18:15:23.153",
"lastModified": "2023-12-12T18:58:37.987", "lastModified": "2023-12-19T15:07:43.147",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": " An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default." "value": " An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default."
},
{
"lang": "es",
"value": "Elastic descubri\u00f3 un problema por el cual la API de documentos de App Search registraba el contenido sin procesar de los documentos indexados en el nivel de registro INFO. Dependiendo del contenido de dichos documentos, esto podr\u00eda dar lugar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros de b\u00fasqueda de aplicaciones. Elastic lanz\u00f3 8.11.2 y 7.17.16 que resuelve este problema cambiando el nivel de registro en el que se registran a DEBUG, que est\u00e1 deshabilitado de forma predeterminada."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{ {
"source": "bressers@elastic.co", "source": "bressers@elastic.co",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{ {
"source": "bressers@elastic.co", "source": "bressers@elastic.co",
"type": "Secondary", "type": "Secondary",
@ -46,14 +80,47 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.17.16",
"matchCriteriaId": "6295DE6D-CF97-4791-BCDC-4AD55693F1D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.11.2",
"matchCriteriaId": "A91699D3-7FC1-4AD8-ADE3-E4372FF750F4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181", "url": "https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181",
"source": "bressers@elastic.co" "source": "bressers@elastic.co",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.elastic.co/community/security", "url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co" "source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,23 +2,95 @@
"id": "CVE-2023-49938", "id": "CVE-2023-49938",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:11.890", "published": "2023-12-14T05:15:11.890",
"lastModified": "2023-12-14T13:52:06.780", "lastModified": "2023-12-19T16:08:07.640",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7." "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en SchedMD Slurm 22.05.x y 23.02.x. Hay un control de acceso incorrecto: un atacante puede modificar su lista de grupos extendidos que se usa con el subsistema sbcast y abrir archivos con un conjunto no autorizado de grupos extendidos. Las versiones fijas son 22.05.11 y 23.02.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.05.0",
"versionEndExcluding": "22.05.11",
"matchCriteriaId": "E77BB569-B1F1-4636-B94D-0EF5E1D1CB34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.02.0",
"versionEndExcluding": "23.02.7",
"matchCriteriaId": "C81650BA-F3A5-4D8D-8F0E-336962EAC2E2"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.schedmd.com/security-archive.php", "url": "https://www.schedmd.com/security-archive.php",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-50262", "id": "CVE-2023-50262",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T21:15:09.117", "published": "2023-12-13T21:15:09.117",
"lastModified": "2023-12-13T21:25:53.887", "lastModified": "2023-12-19T15:28:42.343",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.\n\nphp-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.\n\nWhen Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request.\n\nVersion 2.0.4 contains a fix for this issue." "value": "Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.\n\nphp-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. 
Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.\n\nWhen Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request.\n\nVersion 2.0.4 contains a fix for this issue."
},
{
"lang": "es",
"value": "Dompdf es un conversor de HTML a PDF para PHP. Al analizar im\u00e1genes SVG, Dompdf realiza una validaci\u00f3n inicial para garantizar que las rutas dentro del SVG est\u00e9n permitidas. Una de las validaciones es que el documento SVG no hace referencia a s\u00ed mismo. Sin embargo, antes de la versi\u00f3n 2.0.4, un encadenado recursivo que utiliza dos o m\u00e1s documentos SVG no se valida correctamente. Dependiendo de la configuraci\u00f3n del sistema y del patr\u00f3n de ataque, esto podr\u00eda agotar la memoria disponible para el proceso en ejecuci\u00f3n y/o para el propio servidor. php-svg-lib, cuando se ejecuta de forma aislada, no admite referencias SVG para elementos de \"imagen\". Sin embargo, cuando se usa en combinaci\u00f3n con Dompdf, php-svg-lib procesar\u00e1 im\u00e1genes SVG a las que hace referencia un elemento `image`. Dompdf actualmente incluye validaci\u00f3n para evitar referencias de \"imagen\" autorreferenciales, pero no se verifica una referencia encadenada. Por lo tanto, un actor malicioso puede desencadenar una recursividad infinita encadenando referencias entre dos o m\u00e1s im\u00e1genes SVG. Cuando Dompdf analiza un payload malicioso, se bloquear\u00e1 despu\u00e9s de exceder el tiempo de ejecuci\u00f3n permitido o el uso de memoria. Un atacante que env\u00eda varias solicitudes a un sistema puede provocar el agotamiento de los recursos hasta el punto de que el sistema no pueda manejar las solicitudes entrantes. La versi\u00f3n 2.0.4 contiene una soluci\u00f3n para este problema."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,18 +74,46 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "19911C76-C061-445A-BB47-77C6DB04F42A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/dompdf/dompdf/blob/v2.0.3/src/Image/Cache.php#L136-L153", "url": "https://github.com/dompdf/dompdf/blob/v2.0.3/src/Image/Cache.php#L136-L153",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593", "url": "https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2", "url": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }


@ -0,0 +1,43 @@
{
"id": "CVE-2023-50272",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-12-19T16:15:12.347",
"lastModified": "2023-12-19T16:17:42.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us",
"source": "security-alert@hpe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50709", "id": "CVE-2023-50709",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.620", "published": "2023-12-13T22:15:43.620",
"lastModified": "2023-12-14T13:52:16.903", "lastModified": "2023-12-19T15:28:16.453",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -40,8 +60,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -50,14 +80,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cube:cube.js:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "0.34.34",
"matchCriteriaId": "B46E8BCA-A91A-45C1-9B11-AEDFF03C47B4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/cube-js/cube/releases/tag/v0.34.34", "url": "https://github.com/cube-js/cube/releases/tag/v0.34.34",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/cube-js/cube/security/advisories/GHSA-9759-3276-g2pm", "url": "https://github.com/cube-js/cube/security/advisories/GHSA-9759-3276-g2pm",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-5499", "id": "CVE-2023-5499",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-10T14:15:11.213", "published": "2023-10-10T14:15:11.213",
"lastModified": "2023-10-18T13:01:10.597", "lastModified": "2023-12-19T15:15:08.913",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -60,7 +60,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "nvd@nist.gov", "source": "cve-coordination@incibe.es",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -70,12 +70,12 @@
] ]
}, },
{ {
"source": "cve-coordination@incibe.es", "source": "nvd@nist.gov",
"type": "Secondary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-200" "value": "CWE-532"
} }
] ]
} }


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6280",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-19T15:15:09.033",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps",
"source": "cve-coordination@incibe.es"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6364", "id": "CVE-2023-6364",
"sourceIdentifier": "security@progress.com", "sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:52.957", "published": "2023-12-14T16:15:52.957",
"lastModified": "2023-12-14T17:17:54.510", "lastModified": "2023-12-19T15:25:57.190",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.\u00a0 It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.\u00a0\u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n" "value": "In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.\u00a0 It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.\u00a0\u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n"
},
{
"lang": "es",
"value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un componente del panel. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "security@progress.com", "source": "security@progress.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@progress.com", "source": "security@progress.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +80,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0",
"matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023", "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
"source": "security@progress.com" "source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.progress.com/network-monitoring", "url": "https://www.progress.com/network-monitoring",
"source": "security@progress.com" "source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-6365", "id": "CVE-2023-6365",
"sourceIdentifier": "security@progress.com", "sourceIdentifier": "security@progress.com",
"published": "2023-12-14T16:15:53.163", "published": "2023-12-14T16:15:53.163",
"lastModified": "2023-12-14T17:17:50.580", "lastModified": "2023-12-19T16:52:31.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nIn WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. \u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n" "value": "\nIn WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. \u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n"
},
{
"lang": "es",
"value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un grupo de dispositivos. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "security@progress.com", "source": "security@progress.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@progress.com", "source": "security@progress.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +80,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.1.0",
"matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023", "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
"source": "security@progress.com" "source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.progress.com/network-monitoring", "url": "https://www.progress.com/network-monitoring",
"source": "security@progress.com" "source": "security@progress.com",
"tags": [
"Product"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-6534", "id": "CVE-2023-6534",
"sourceIdentifier": "secteam@freebsd.org", "sourceIdentifier": "secteam@freebsd.org",
"published": "2023-12-13T09:15:34.680", "published": "2023-12-13T09:15:34.680",
"lastModified": "2023-12-13T13:35:25.510", "lastModified": "2023-12-19T15:27:29.937",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,176 @@
"value": "En las versiones de FreeBSD 14.0-RELEASE anteriores a 14-RELEASE-p2, FreeBSD 13.2-RELEASE anteriores a 13.2-RELEASE-p7 y FreeBSD 12.4-RELEASE anteriores a 12.4-RELEASE-p9, el filtro de paquetes pf(4) valida incorrectamente los n\u00fameros de secuencia TCP. Esto podr\u00eda permitir que un actor malintencionado ejecute un ataque de denegaci\u00f3n de servicio contra hosts detr\u00e1s del firewall." "value": "En las versiones de FreeBSD 14.0-RELEASE anteriores a 14-RELEASE-p2, FreeBSD 13.2-RELEASE anteriores a 13.2-RELEASE-p7 y FreeBSD 12.4-RELEASE anteriores a 12.4-RELEASE-p9, el filtro de paquetes pf(4) valida incorrectamente los n\u00fameros de secuencia TCP. Esto podr\u00eda permitir que un actor malintencionado ejecute un ataque de denegaci\u00f3n de servicio contra hosts detr\u00e1s del firewall."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*",
"matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "85D94BCA-FA32-4C10-95CD-5D2A69B38A7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "8C950F97-40B4-43BF-BB81-C49CE00A468B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "8FFBAD22-5712-472D-ADAF-13DE0826F888"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p7:*:*:*:*:*:*",
"matchCriteriaId": "888336D6-CA3C-45ED-90EA-C94A3146F1E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p8:*:*:*:*:*:*",
"matchCriteriaId": "7314B63B-75AF-44EF-9F4C-DDF7A18B77E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*",
"matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*",
"matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
"matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*",
"matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FA25530A-133C-4D7C-8993-D5C42D79A0B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*",
"matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc", "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc",
"source": "secteam@freebsd.org" "source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-6687", "id": "CVE-2023-6687",
"sourceIdentifier": "bressers@elastic.co", "sourceIdentifier": "bressers@elastic.co",
"published": "2023-12-12T19:15:08.510", "published": "2023-12-12T19:15:08.510",
"lastModified": "2023-12-12T20:20:16.707", "lastModified": "2023-12-19T15:20:04.910",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default." "value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
},
{
"lang": "es",
"value": "Elastic descubri\u00f3 un problema por el cual Elastic Agent registraba un evento sin formato en sus propios registros en el nivel WARN o ERROR si fallaba la ingesta de ese evento en Elasticsearch con cualquier c\u00f3digo de estado HTTP 4xx excepto 409 o 429. Dependiendo de la naturaleza del evento, el Agente El\u00e1stico intent\u00f3 ingerir, esto podr\u00eda llevar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros del Agente El\u00e1stico. Elastic lanz\u00f3 8.11.3 y 7.17.16 que evitan este problema al limitar estos tipos de registros al registro de nivel DEBUG, que est\u00e1 deshabilitado de forma predeterminada."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{ {
"source": "bressers@elastic.co", "source": "bressers@elastic.co",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{ {
"source": "bressers@elastic.co", "source": "bressers@elastic.co",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.17.16",
"matchCriteriaId": "5F396842-37AD-4E18-9477-47001EF69314"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.11.3",
"matchCriteriaId": "D1345D08-E070-43B9-83F1-68F32FA619EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180", "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180",
"source": "bressers@elastic.co" "source": "bressers@elastic.co",
"tags": [
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6711",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-19T15:15:09.257",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000184&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-6913",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-12-19T15:15:09.447",
"lastModified": "2023-12-19T16:17:45.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app",
"source": "cve-coordination@incibe.es"
}
]
}

110
README.md

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-12-19T15:00:24.751708+00:00 2023-12-19T17:00:24.690445+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-12-19T14:50:39.843000+00:00 2023-12-19T16:53:42.183000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,69 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
233719 233751
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `25` Recently added CVEs: `32`
* [CVE-2019-25158](CVE-2019/CVE-2019-251xx/CVE-2019-25158.json) (`2023-12-19T13:15:43.133`) * [CVE-2023-46225](CVE-2023/CVE-2023-462xx/CVE-2023-46225.json) (`2023-12-19T16:15:10.260`)
* [CVE-2023-6730](CVE-2023/CVE-2023-67xx/CVE-2023-6730.json) (`2023-12-19T13:15:43.380`) * [CVE-2023-46257](CVE-2023/CVE-2023-462xx/CVE-2023-46257.json) (`2023-12-19T16:15:10.413`)
* [CVE-2023-6856](CVE-2023/CVE-2023-68xx/CVE-2023-6856.json) (`2023-12-19T14:15:07.313`) * [CVE-2023-46258](CVE-2023/CVE-2023-462xx/CVE-2023-46258.json) (`2023-12-19T16:15:10.570`)
* [CVE-2023-6857](CVE-2023/CVE-2023-68xx/CVE-2023-6857.json) (`2023-12-19T14:15:07.377`) * [CVE-2023-46259](CVE-2023/CVE-2023-462xx/CVE-2023-46259.json) (`2023-12-19T16:15:10.720`)
* [CVE-2023-6858](CVE-2023/CVE-2023-68xx/CVE-2023-6858.json) (`2023-12-19T14:15:07.420`) * [CVE-2023-46260](CVE-2023/CVE-2023-462xx/CVE-2023-46260.json) (`2023-12-19T16:15:10.887`)
* [CVE-2023-6859](CVE-2023/CVE-2023-68xx/CVE-2023-6859.json) (`2023-12-19T14:15:07.467`) * [CVE-2023-46261](CVE-2023/CVE-2023-462xx/CVE-2023-46261.json) (`2023-12-19T16:15:11.043`)
* [CVE-2023-6860](CVE-2023/CVE-2023-68xx/CVE-2023-6860.json) (`2023-12-19T14:15:07.510`) * [CVE-2023-46262](CVE-2023/CVE-2023-462xx/CVE-2023-46262.json) (`2023-12-19T16:15:11.190`)
* [CVE-2023-6861](CVE-2023/CVE-2023-68xx/CVE-2023-6861.json) (`2023-12-19T14:15:07.560`) * [CVE-2023-46263](CVE-2023/CVE-2023-462xx/CVE-2023-46263.json) (`2023-12-19T16:15:11.343`)
* [CVE-2023-6862](CVE-2023/CVE-2023-68xx/CVE-2023-6862.json) (`2023-12-19T14:15:07.603`) * [CVE-2023-46264](CVE-2023/CVE-2023-462xx/CVE-2023-46264.json) (`2023-12-19T16:15:11.493`)
* [CVE-2023-6863](CVE-2023/CVE-2023-68xx/CVE-2023-6863.json) (`2023-12-19T14:15:07.650`) * [CVE-2023-46265](CVE-2023/CVE-2023-462xx/CVE-2023-46265.json) (`2023-12-19T16:15:11.640`)
* [CVE-2023-6864](CVE-2023/CVE-2023-68xx/CVE-2023-6864.json) (`2023-12-19T14:15:07.707`) * [CVE-2023-46266](CVE-2023/CVE-2023-462xx/CVE-2023-46266.json) (`2023-12-19T16:15:11.787`)
* [CVE-2023-6865](CVE-2023/CVE-2023-68xx/CVE-2023-6865.json) (`2023-12-19T14:15:07.777`) * [CVE-2023-46803](CVE-2023/CVE-2023-468xx/CVE-2023-46803.json) (`2023-12-19T16:15:11.930`)
* [CVE-2023-6866](CVE-2023/CVE-2023-68xx/CVE-2023-6866.json) (`2023-12-19T14:15:07.847`) * [CVE-2023-46804](CVE-2023/CVE-2023-468xx/CVE-2023-46804.json) (`2023-12-19T16:15:12.077`)
* [CVE-2023-6867](CVE-2023/CVE-2023-68xx/CVE-2023-6867.json) (`2023-12-19T14:15:07.933`) * [CVE-2023-50272](CVE-2023/CVE-2023-502xx/CVE-2023-50272.json) (`2023-12-19T16:15:12.347`)
* [CVE-2023-6868](CVE-2023/CVE-2023-68xx/CVE-2023-6868.json) (`2023-12-19T14:15:07.983`) * [CVE-2023-1514](CVE-2023/CVE-2023-15xx/CVE-2023-1514.json) (`2023-12-19T15:15:08.037`)
* [CVE-2023-6869](CVE-2023/CVE-2023-68xx/CVE-2023-6869.json) (`2023-12-19T14:15:08.040`) * [CVE-2023-43870](CVE-2023/CVE-2023-438xx/CVE-2023-43870.json) (`2023-12-19T15:15:08.357`)
* [CVE-2023-6870](CVE-2023/CVE-2023-68xx/CVE-2023-6870.json) (`2023-12-19T14:15:08.087`) * [CVE-2023-6280](CVE-2023/CVE-2023-62xx/CVE-2023-6280.json) (`2023-12-19T15:15:09.033`)
* [CVE-2023-6871](CVE-2023/CVE-2023-68xx/CVE-2023-6871.json) (`2023-12-19T14:15:08.133`) * [CVE-2023-6711](CVE-2023/CVE-2023-67xx/CVE-2023-6711.json) (`2023-12-19T15:15:09.257`)
* [CVE-2023-6872](CVE-2023/CVE-2023-68xx/CVE-2023-6872.json) (`2023-12-19T14:15:08.180`) * [CVE-2023-6913](CVE-2023/CVE-2023-69xx/CVE-2023-6913.json) (`2023-12-19T15:15:09.447`)
* [CVE-2023-6873](CVE-2023/CVE-2023-68xx/CVE-2023-6873.json) (`2023-12-19T14:15:08.227`) * [CVE-2023-25715](CVE-2023/CVE-2023-257xx/CVE-2023-25715.json) (`2023-12-19T16:15:07.980`)
* [CVE-2023-6931](CVE-2023/CVE-2023-69xx/CVE-2023-6931.json) (`2023-12-19T14:15:08.277`) * [CVE-2023-37390](CVE-2023/CVE-2023-373xx/CVE-2023-37390.json) (`2023-12-19T16:15:08.193`)
* [CVE-2023-6932](CVE-2023/CVE-2023-69xx/CVE-2023-6932.json) (`2023-12-19T14:15:08.460`) * [CVE-2023-41727](CVE-2023/CVE-2023-417xx/CVE-2023-41727.json) (`2023-12-19T16:15:08.623`)
* [CVE-2023-50761](CVE-2023/CVE-2023-507xx/CVE-2023-50761.json) (`2023-12-19T14:15:07.033`) * [CVE-2023-44983](CVE-2023/CVE-2023-449xx/CVE-2023-44983.json) (`2023-12-19T16:15:08.787`)
* [CVE-2023-50762](CVE-2023/CVE-2023-507xx/CVE-2023-50762.json) (`2023-12-19T14:15:07.093`) * [CVE-2023-44991](CVE-2023/CVE-2023-449xx/CVE-2023-44991.json) (`2023-12-19T16:15:08.973`)
* [CVE-2023-6135](CVE-2023/CVE-2023-61xx/CVE-2023-6135.json) (`2023-12-19T14:15:07.143`) * [CVE-2023-46216](CVE-2023/CVE-2023-462xx/CVE-2023-46216.json) (`2023-12-19T16:15:09.170`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `70` Recently modified CVEs: `37`
* [CVE-2023-23576](CVE-2023/CVE-2023-235xx/CVE-2023-23576.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-6364](CVE-2023/CVE-2023-63xx/CVE-2023-6364.json) (`2023-12-19T15:25:57.190`)
* [CVE-2023-23584](CVE-2023/CVE-2023-235xx/CVE-2023-23584.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-6534](CVE-2023/CVE-2023-65xx/CVE-2023-6534.json) (`2023-12-19T15:27:29.937`)
* [CVE-2023-24590](CVE-2023/CVE-2023-245xx/CVE-2023-24590.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-47620](CVE-2023/CVE-2023-476xx/CVE-2023-47620.json) (`2023-12-19T15:27:49.173`)
* [CVE-2023-41967](CVE-2023/CVE-2023-419xx/CVE-2023-41967.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-47623](CVE-2023/CVE-2023-476xx/CVE-2023-47623.json) (`2023-12-19T15:27:59.743`)
* [CVE-2023-46686](CVE-2023/CVE-2023-466xx/CVE-2023-46686.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-50709](CVE-2023/CVE-2023-507xx/CVE-2023-50709.json) (`2023-12-19T15:28:16.453`)
* [CVE-2023-48768](CVE-2023/CVE-2023-487xx/CVE-2023-48768.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-50262](CVE-2023/CVE-2023-502xx/CVE-2023-50262.json) (`2023-12-19T15:28:42.343`)
* [CVE-2023-48769](CVE-2023/CVE-2023-487xx/CVE-2023-48769.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-49878](CVE-2023/CVE-2023-498xx/CVE-2023-49878.json) (`2023-12-19T15:31:33.753`)
* [CVE-2023-48772](CVE-2023/CVE-2023-487xx/CVE-2023-48772.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-47624](CVE-2023/CVE-2023-476xx/CVE-2023-47624.json) (`2023-12-19T15:33:35.507`)
* [CVE-2023-48773](CVE-2023/CVE-2023-487xx/CVE-2023-48773.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-49296](CVE-2023/CVE-2023-492xx/CVE-2023-49296.json) (`2023-12-19T15:43:13.307`)
* [CVE-2023-48778](CVE-2023/CVE-2023-487xx/CVE-2023-48778.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-43583](CVE-2023/CVE-2023-435xx/CVE-2023-43583.json) (`2023-12-19T15:49:19.407`)
* [CVE-2023-48781](CVE-2023/CVE-2023-487xx/CVE-2023-48781.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2023-12-19T16:08:07.640`)
* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-40657](CVE-2023/CVE-2023-406xx/CVE-2023-40657.json) (`2023-12-19T16:10:07.447`)
* [CVE-2023-6355](CVE-2023/CVE-2023-63xx/CVE-2023-6355.json) (`2023-12-19T13:42:29.533`) * [CVE-2023-41618](CVE-2023/CVE-2023-416xx/CVE-2023-41618.json) (`2023-12-19T16:11:02.990`)
* [CVE-2023-50011](CVE-2023/CVE-2023-500xx/CVE-2023-50011.json) (`2023-12-19T13:49:18.530`) * [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-12-19T16:15:07.883`)
* [CVE-2023-6890](CVE-2023/CVE-2023-68xx/CVE-2023-6890.json) (`2023-12-19T13:50:36.190`) * [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-12-19T16:15:08.413`)
* [CVE-2023-6889](CVE-2023/CVE-2023-68xx/CVE-2023-6889.json) (`2023-12-19T13:52:23.363`) * [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-12-19T16:15:08.527`)
* [CVE-2023-6836](CVE-2023/CVE-2023-68xx/CVE-2023-6836.json) (`2023-12-19T13:52:56.807`) * [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-12-19T16:15:12.243`)
* [CVE-2023-6448](CVE-2023/CVE-2023-64xx/CVE-2023-6448.json) (`2023-12-19T14:15:07.183`) * [CVE-2023-40658](CVE-2023/CVE-2023-406xx/CVE-2023-40658.json) (`2023-12-19T16:18:43.973`)
* [CVE-2023-48676](CVE-2023/CVE-2023-486xx/CVE-2023-48676.json) (`2023-12-19T14:20:14.047`) * [CVE-2023-40659](CVE-2023/CVE-2023-406xx/CVE-2023-40659.json) (`2023-12-19T16:19:14.030`)
* [CVE-2023-48663](CVE-2023/CVE-2023-486xx/CVE-2023-48663.json) (`2023-12-19T14:33:48.787`) * [CVE-2023-48225](CVE-2023/CVE-2023-482xx/CVE-2023-48225.json) (`2023-12-19T16:30:05.530`)
* [CVE-2023-6702](CVE-2023/CVE-2023-67xx/CVE-2023-6702.json) (`2023-12-19T14:44:04.613`) * [CVE-2023-48664](CVE-2023/CVE-2023-486xx/CVE-2023-48664.json) (`2023-12-19T16:41:04.083`)
* [CVE-2023-47619](CVE-2023/CVE-2023-476xx/CVE-2023-47619.json) (`2023-12-19T14:45:12.943`) * [CVE-2023-48665](CVE-2023/CVE-2023-486xx/CVE-2023-48665.json) (`2023-12-19T16:45:27.163`)
* [CVE-2023-6775](CVE-2023/CVE-2023-67xx/CVE-2023-6775.json) (`2023-12-19T14:46:42.323`) * [CVE-2023-6365](CVE-2023/CVE-2023-63xx/CVE-2023-6365.json) (`2023-12-19T16:52:31.667`)
* [CVE-2023-49577](CVE-2023/CVE-2023-495xx/CVE-2023-49577.json) (`2023-12-19T14:50:18.817`) * [CVE-2023-49770](CVE-2023/CVE-2023-497xx/CVE-2023-49770.json) (`2023-12-19T16:53:26.097`)
* [CVE-2023-49580](CVE-2023/CVE-2023-495xx/CVE-2023-49580.json) (`2023-12-19T14:50:39.843`) * [CVE-2023-40656](CVE-2023/CVE-2023-406xx/CVE-2023-40656.json) (`2023-12-19T16:53:42.183`)
## Download and Usage ## Download and Usage