Auto-Update: 2023-11-22T23:02:11.121759+00:00

cad-safe-bot 2023-11-22 23:02:14 +00:00
parent 086b621c17
commit 6f7539fca9
109 changed files with 2721 additions and 361 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-25792",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-19T21:15:12.267",
"lastModified": "2021-01-12T13:44:11.263",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-22T22:15:07.433",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -94,6 +94,10 @@
}
],
"references": [
{
"url": "https://github.com/bodil/sized-chunks/commit/3ae48bd463c1af41c24b96b84079946f51f51e3c",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bodil/sized-chunks/issues/11",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2021-21676",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.400",
"lastModified": "2023-10-25T18:16:51.423",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:14:54.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -104,7 +104,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-21677",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.447",
"lastModified": "2023-10-25T18:16:51.493",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:14:41.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21678",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.500",
"lastModified": "2023-10-25T18:16:51.577",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:14:36.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-352"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-21679",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.553",
"lastModified": "2023-10-25T18:16:51.640",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:20:28.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-352"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-21680",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.607",
"lastModified": "2023-10-25T18:16:51.703",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:14:19.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21681",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.663",
"lastModified": "2023-10-25T18:16:51.773",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:20:17.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21682",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-10-06T23:15:06.860",
"lastModified": "2023-10-25T18:16:51.837",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:20:08.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "NVD-CWE-noinfo"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-21683",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-10-06T23:15:06.927",
"lastModified": "2023-10-25T18:16:51.927",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:18:37.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",


@ -2,8 +2,8 @@
"id": "CVE-2021-21684",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-10-06T23:15:06.977",
"lastModified": "2023-10-25T18:16:51.997",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:18:23.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21685",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:07.710",
"lastModified": "2023-10-25T18:16:52.083",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:18:19.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
@ -92,6 +104,7 @@
"url": "http://www.openwall.com/lists/oss-security/2021/11/04/3",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},


@ -2,8 +2,8 @@
"id": "CVE-2021-21686",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.277",
"lastModified": "2023-10-25T18:16:52.177",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:18:15.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21687",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.390",
"lastModified": "2023-10-25T18:16:52.253",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:17:51.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21688",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.447",
"lastModified": "2023-10-25T18:16:52.333",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:33:54.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21689",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.500",
"lastModified": "2023-10-25T18:16:52.407",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:33:07.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21690",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.553",
"lastModified": "2023-10-25T18:16:52.477",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:23:41.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21691",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.607",
"lastModified": "2023-10-25T18:16:52.560",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:23:04.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21692",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.660",
"lastModified": "2023-10-25T18:16:52.623",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:23:00.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21693",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.717",
"lastModified": "2023-10-25T18:16:52.690",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:56.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21694",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.767",
"lastModified": "2023-10-25T18:16:52.783",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:41.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21695",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.820",
"lastModified": "2023-10-25T18:16:52.867",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2021-21696",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.873",
"lastModified": "2023-10-25T18:16:52.933",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:27.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21698",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.987",
"lastModified": "2023-10-25T18:16:53.110",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:06.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21699",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.007",
"lastModified": "2023-10-25T18:16:53.193",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:24:24.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21700",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.113",
"lastModified": "2023-10-25T18:16:53.287",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:24:16.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-21701",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.167",
"lastModified": "2023-10-25T18:16:53.360",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:24:12.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
@ -101,7 +113,8 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1313/",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Third Party Advisory"
"Third Party Advisory",
"VDB Entry"
]
}
]


@ -2,8 +2,8 @@
"id": "CVE-2021-43576",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.237",
"lastModified": "2023-10-25T18:16:53.680",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:33:01.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
@ -101,7 +113,8 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1314/",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Third Party Advisory"
"Third Party Advisory",
"VDB Entry"
]
}
]


@ -2,8 +2,8 @@
"id": "CVE-2021-43577",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.287",
"lastModified": "2023-10-25T18:16:53.743",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:32:53.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2021-43578",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.340",
"lastModified": "2023-10-25T18:16:53.800",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:32:42.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-0194",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-03-28T19:15:09.877",
"lastModified": "2023-11-01T17:15:10.087",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-22T21:02:36.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -57,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
@ -84,12 +94,36 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
@ -100,11 +134,18 @@
},
{
"url": "https://security.gentoo.org/glsa/202311-02",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5503",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/",


@ -2,8 +2,8 @@
"id": "CVE-2022-20612",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.653",
"lastModified": "2023-10-25T18:16:54.247",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:32:37.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-20613",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.713",
"lastModified": "2023-10-25T18:16:54.327",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:32:32.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-20614",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.763",
"lastModified": "2023-10-25T18:16:54.413",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:30:49.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-20615",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.810",
"lastModified": "2023-10-25T18:16:54.477",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:30:31.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-20616",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.857",
"lastModified": "2023-10-25T18:16:54.540",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:30:17.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-20617",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.907",
"lastModified": "2023-10-25T18:16:54.620",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:27:23.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-23121",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-03-28T19:15:10.203",
"lastModified": "2023-11-01T17:15:10.353",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-22T21:02:55.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -57,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
@ -84,16 +94,44 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
@ -104,11 +142,18 @@
},
{
"url": "https://security.gentoo.org/glsa/202311-02",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5503",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/",


@ -2,8 +2,8 @@
"id": "CVE-2022-23122",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-03-28T19:15:10.283",
"lastModified": "2023-11-01T17:15:10.433",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-22T21:03:16.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -57,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
@ -84,12 +94,36 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
@ -100,11 +134,18 @@
},
{
"url": "https://security.gentoo.org/glsa/202311-02",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5503",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/",


@ -2,8 +2,8 @@
"id": "CVE-2022-23123",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-03-28T19:15:10.340",
"lastModified": "2023-11-01T17:15:10.507",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-22T21:03:25.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -57,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
@ -84,16 +94,44 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
@ -104,11 +142,18 @@
},
{
"url": "https://security.gentoo.org/glsa/202311-02",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5503",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/",


@ -2,8 +2,8 @@
"id": "CVE-2022-25211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.457",
"lastModified": "2023-10-25T18:16:58.110",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:18:31.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-25212",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.573",
"lastModified": "2023-10-25T18:16:58.167",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:18:28.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27195",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:09.540",
"lastModified": "2023-10-25T18:16:58.227",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:21:52.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27196",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:09.920",
"lastModified": "2023-10-25T18:16:58.297",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:01.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27197",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.077",
"lastModified": "2023-10-25T18:16:58.363",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:23:09.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27198",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.190",
"lastModified": "2023-10-25T18:16:58.427",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:22:36.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27199",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.320",
"lastModified": "2023-10-25T18:16:58.493",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:33:04.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27200",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.433",
"lastModified": "2023-10-25T18:16:58.553",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:32:57.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27201",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.527",
"lastModified": "2023-10-25T18:16:58.620",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:32:27.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-27202",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.757",
"lastModified": "2023-10-25T18:16:58.703",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:30:21.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-34798",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.220",
"lastModified": "2023-10-25T18:17:10.303",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:02:19.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
@ -84,7 +96,10 @@
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-36881",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.770",
"lastModified": "2023-10-25T18:17:11.977",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:13:27.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36882",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.827",
"lastModified": "2023-10-25T18:17:12.050",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:12:05.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36883",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.880",
"lastModified": "2023-10-25T18:17:12.103",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:12:01.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36884",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.933",
"lastModified": "2023-10-25T18:17:12.157",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:11:56.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-36885",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.980",
"lastModified": "2023-10-25T18:17:12.217",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:11:43.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36886",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.040",
"lastModified": "2023-10-25T18:17:12.273",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:10:04.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36887",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.090",
"lastModified": "2023-10-25T18:17:12.327",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:10:00.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36888",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.143",
"lastModified": "2023-10-25T18:17:12.387",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:55.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-36889",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.197",
"lastModified": "2023-10-25T18:17:12.447",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:44.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36890",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.247",
"lastModified": "2023-10-25T18:17:12.513",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:40.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36891",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.300",
"lastModified": "2023-10-25T18:17:12.570",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:25.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36892",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.353",
"lastModified": "2023-10-25T18:17:12.633",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:21.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36893",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.403",
"lastModified": "2023-10-25T18:17:12.697",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:17.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36894",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.453",
"lastModified": "2023-10-25T18:17:12.757",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:14.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36910",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.277",
"lastModified": "2023-10-25T18:17:13.790",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:09:03.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-36911",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.337",
"lastModified": "2023-10-25T18:17:13.843",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:39.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-36912",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.667",
"lastModified": "2023-10-25T18:17:13.897",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:33.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -79,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-36913",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:11.093",
"lastModified": "2023-10-25T18:17:13.960",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:27.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-36914",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:11.530",
"lastModified": "2023-10-25T18:17:14.017",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:24.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [


@ -2,8 +2,8 @@
"id": "CVE-2022-43401",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.127",
"lastModified": "2023-10-25T18:17:18.590",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:18.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-43402",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.197",
"lastModified": "2023-10-25T18:17:18.667",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:14.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-43403",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.253",
"lastModified": "2023-10-25T18:17:18.727",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:10.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,11 +79,17 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-43404",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.313",
"lastModified": "2023-10-25T18:17:18.797",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:16:02.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-43405",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.370",
"lastModified": "2023-10-25T18:17:18.860",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:15:57.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -45,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "NVD-CWE-noinfo"
}
]
}
@ -79,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-43406",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.427",
"lastModified": "2023-10-25T18:17:18.920",
"vulnStatus": "Modified",
"lastModified": "2023-11-22T21:15:18.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
@ -67,7 +79,10 @@
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-1009",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-24T11:15:10.997",
"lastModified": "2023-11-07T04:02:11.893",
"lastModified": "2023-11-22T21:15:07.590",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
@ -37,43 +37,43 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
"baseScore": 4.0
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,12 +2,12 @@
"id": "CVE-2023-1162",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-03T07:15:09.140",
"lastModified": "2023-11-07T04:02:41.170",
"lastModified": "2023-11-22T21:15:07.870",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
@ -33,44 +33,44 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,12 +2,12 @@
"id": "CVE-2023-1163",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-03T07:15:09.263",
"lastModified": "2023-11-07T04:02:41.500",
"lastModified": "2023-11-22T21:15:08.110",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
@ -33,29 +33,29 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,16 +2,40 @@
"id": "CVE-2023-22818",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-11-15T20:15:07.157",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:40:03.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for\nWindows that could allow attackers with local access to execute arbitrary code by executing the installer\nin the same folder as the malicious DLL.\u00a0This can lead to the execution of arbitrary\ncode with the privileges of the vulnerable application or obtain a certain level of persistence\non the compromised host.\u00a0"
},
{
"lang": "es",
"value": "Se abordaron vulnerabilidades de Multiple DLL Search Order Hijack en SanDisk Security Installer para Windows que podr\u00edan permitir a atacantes con acceso local ejecutar c\u00f3digo arbitrario ejecutando el instalador en la misma carpeta que la DLL maliciosa. Esto puede llevar a la ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios de la aplicaci\u00f3n vulnerable u obtener un cierto nivel de persistencia en el host comprometido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -46,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:westerndigital:sandisk_security_installer:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "1.0.0.25",
"matchCriteriaId": "FC7AE34A-B047-491B-8B84-B0389A48074E"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.245601",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23013-sandisk-security-installer-for-windows-1-0-0-25",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-30954",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-11-15T20:15:07.380",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:40:38.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized."
},
{
"lang": "es",
"value": "El servicio del servidor de aplicaciones de v\u00eddeo de Gotham conten\u00eda una condici\u00f3n de ejecuci\u00f3n que provocar\u00eda que no aplicara ciertas ACL a nuevos v\u00eddeos si el sistema fuente a\u00fan no se hab\u00eda inicializado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
},
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palantir:video-application-server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.206.1",
"matchCriteriaId": "151269D7-5DAD-4B4C-8EDB-53F133602EA0"
}
]
}
]
}
],
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567",
"source": "cve-coordination@palantir.com"
"source": "cve-coordination@palantir.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40809",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.610",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T21:54:41.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Activity Search Criteria-Activity Number. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40809-html-injection-search/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40810",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.660",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T21:56:03.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Product Name Field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40810-html-injection-product-creation/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40812",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.707",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:36:21.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Accounts Group Name Field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40813",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.750",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:41:48.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Activity Saved Search Creation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40813-html-injection-saved-search/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40814",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.790",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:36:28.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Accounts Name Field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40814-html-injection-accounts/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40815",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.830",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:36:34.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Category Creation Name Field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40815-html-injection-category/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40816",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.877",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:36:42.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Activity Milestone Name Field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40817",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-18T04:15:07.920",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:36:51.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field."
},
{
"lang": "es",
"value": "OpenCRX versi\u00f3n 5.2.0 es vulnerable a la inyecci\u00f3n de HTML a trav\u00e9s de Product Configuration Name Field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA22A2E9-7F02-4B5D-A74D-D2F8C997BF75"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-44355",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:22.083",
"lastModified": "2023-11-17T17:28:23.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T21:54:26.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction."
},
{
"lang": "es",
"value": "Las versiones 2023.5 (y anteriores) y 2021.11 (y anteriores) de Adobe ColdFusion se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para afectar una caracter\u00edstica de integridad menor. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
}
],
"metrics": {
@ -46,10 +50,122 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021",
"matchCriteriaId": "39EBF22C-3ED8-4C91-AA46-1BA920CE1920"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*",
"matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*",
"matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*",
"matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*",
"matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*",
"matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*",
"matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*",
"matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*",
"matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*",
"matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*",
"matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*",
"matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*",
"matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
"matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
"matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*",
"matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*",
"matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*",
"matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46672",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-15T08:15:07.907",
"lastModified": "2023-11-15T13:54:23.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:38:12.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.\n\nThe prerequisites for the manifestation of this issue are:\n\n * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.\n\n\n * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Elastic identific\u00f3 un problema por el cual se registra informaci\u00f3n confidencial en los registros de Logstash en circunstancias espec\u00edficas. Los requisitos previos para la manifestaci\u00f3n de este problema son: * Logstash est\u00e1 configurado para iniciar sesi\u00f3n en formato JSON https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html, que no es el formato de registro predeterminado. * Los datos confidenciales se almacenan en el almac\u00e9n de claves de Logstash y se hace referencia a ellos como una variable en la configuraci\u00f3n de Logstash."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0",
"versionEndExcluding": "8.11.1",
"matchCriteriaId": "52DFEFFA-CCF9-4E50-8E9C-7F79648ECA45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:logstash:7.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6FC2020-096A-46B3-8A0C-34E35FD00EDD"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T21:15:12.820",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:40:55.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. El analizador HTTP en AIOHTTP tiene numerosos problemas con el an\u00e1lisis de encabezados, lo que podr\u00eda provocar contrabando de solicitudes. Este analizador solo se usa cuando AIOHTTP_NO_EXTENSIONS est\u00e1 habilitado (o no se usa una rueda predise\u00f1ada). Estos errores se solucionaron en el commit`d5c12ba89` que se incluy\u00f3 en la versi\u00f3n 3.8.6. Se recomienda a los usuarios que actualicen. No se conocen workarounds para estos problemas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.6",
"matchCriteriaId": "CB42D548-24BA-4A11-9732-2BE87863BCF2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47636",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-15T20:15:07.803",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:37:57.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path \"fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)\". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "El paquete Pimcore Admin Classic proporciona una interfaz de usuario de backend para Pimcore. Las vulnerabilidades de Full Path Disclosure (FPD) permiten al atacante ver la ruta al archivo/ra\u00edz web. Por ejemplo: /home/omg/htdocs/file/. Ciertas vulnerabilidades, como el uso de la consulta load_file() (dentro de una inyecci\u00f3n SQL) para ver el origen de la p\u00e1gina, requieren que el atacante tenga la ruta completa al archivo que desea ver. En el caso de pimcore, la funci\u00f3n fopen() aqu\u00ed no tiene un controlador de error cuando el archivo no existe en el servidor, por lo que la respuesta del servidor genera la ruta completa \"fopen(/var/www/html/var/tmp/export-{uniqe id}.csv)\". Este problema se solucion\u00f3 en el commit `10d178ef771` que se incluy\u00f3 en la versi\u00f3n 1.2.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.2.1",
"matchCriteriaId": "F97407FD-0069-4A96-8B4B-62B7CD344E93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47637",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-15T20:15:08.013",
"lastModified": "2023-11-16T01:43:41.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:37:36.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "Pimcore es una Plataforma de Gesti\u00f3n de Experiencias y Datos de C\u00f3digo Abierto. En las versiones afectadas, el endpoint `/admin/object/grid-proxy` llama a `getFilterCondition()` en los campos de las clases que se van a filtrar, pasa informaci\u00f3n de la solicitud y luego ejecuta el SQL devuelto. Una implementaci\u00f3n de `getFilterCondition()` est\u00e1 en `Multiselect`, que no normaliza/escapa/valida el valor pasado. Cualquier usuario de backend con permisos muy b\u00e1sicos puede ejecutar declaraciones SQL arbitrarias y as\u00ed alterar cualquier dato o escalar sus privilegios al menos al nivel de administrador. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 11.1.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.1",
"matchCriteriaId": "CB0AB594-DA12-4DB0-9CEF-B597702362EE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T21:15:13.713",
"lastModified": "2023-11-14T21:38:02.453",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-22T22:41:24.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Las versiones afectadas de aiohttp tienen una vulnerabilidad de seguridad relacionada con la interpretaci\u00f3n inconsistente del protocolo http. HTTP/1.1 es un protocolo persistente, si los valores de encabezado Content-Length (CL) y Transfer-Encoding (TE) est\u00e1n presentes, puede llevar a una interpretaci\u00f3n incorrecta de dos entidades que analizan HTTP y podemos envenenar otros sockets con esta interpretaci\u00f3n incorrecta. Una posible Proof-of-Concept (POC) ser\u00eda una configuraci\u00f3n con un proxy inverso (frontend) que acepte encabezados CL y TE y aiohttp como backend. Como aiohttp analiza cualquier cosa con fragmentos, podemos pasar un fragmento123 como TE, la entidad de interfaz ignorar\u00e1 este encabezado y analizar\u00e1 la longitud del contenido. El impacto de esta vulnerabilidad es que es posible eludir cualquier regla de proxy, envenenando los sockets de otros usuarios, como pasar encabezados de autenticaci\u00f3n. Adem\u00e1s, si est\u00e1 presente un redireccionamiento abierto, un atacante podr\u00eda combinarlo para redirigir a usuarios aleatorios a otro sitio web y registrar la solicitud. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 3.8.0 de aiohttp. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.0",
"matchCriteriaId": "A206D0B6-C5CB-4AA9-9C17-C3041A7C42A7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.580",
"lastModified": "2023-11-22T22:15:07.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <=\u00a01.11.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-status-notifier-lite/wordpress-post-status-notifier-lite-plugin-1-11-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.760",
"lastModified": "2023-11-22T22:15:07.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <=\u00a03.2.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.940",
"lastModified": "2023-11-22T22:15:07.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <=\u00a01.17 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.133",
"lastModified": "2023-11-22T22:15:08.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <=\u00a02.8.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47786",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.313",
"lastModified": "2023-11-22T22:15:08.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <=\u00a07.7.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-47808",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.493",
"lastModified": "2023-11-22T22:15:08.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <=\u00a01.3.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-widgets-to-page/wordpress-add-widgets-to-page-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
