admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-25T18:00:27.430472+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-25 18:00:31 +00:00
parent 59f715a731
commit 7ce8f3657d
121 changed files with 5395 additions and 380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
CVE-2019/CVE-2019-194xx/CVE-2019-19450.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2019-19450",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:12.310",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:37:50.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code=\"' followed by arbitrary Python code, a similar issue to CVE-2019-17626."
},
{
"lang": "es",
"value": "paraparser en ReportLab anterior a 3.5.31 permite la ejecuci\u00f3n remota de c\u00f3digo porque start_unichar en paraparser.py eval\u00faa la entrada de un usuario que no es de confianza en un elemento unichar en un documento XML dise\u00f1ado con '"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-91"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.31",
"matchCriteriaId": "75D6540D-C28F-433B-8166-9FEDFD74E7E2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://pastebin.com/5MicRrr4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2020/CVE-2020-354xx/CVE-2020-35427.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-35427",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-07-20T14:15:07.787",
"lastModified": "2021-09-21T15:46:43.673",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "247DF625-799B-4B2E-84A7-26B919D98A06"
"criteria": "cpe:2.3:a:phpgurukul:employee_record_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3164E51C-891A-45F6-977E-15FE8F40824C"
}
]
}

10
CVE-2021/CVE-2021-377xx/CVE-2021-37781.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-37781",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-28T15:15:13.753",
"lastModified": "2022-10-28T18:32:29.700",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php."
},
{
"lang": "es",
"value": "Employee Record Management System v 1.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de editempprofile.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88717119-B0B9-4149-994C-8E65C00096AD"
"criteria": "cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78DEEB05-D38F-4F67-8CBF-DFA39A3C1AF1"
}
]
}

10
CVE-2021/CVE-2021-377xx/CVE-2021-37782.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-37782",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-28T15:15:14.050",
"lastModified": "2022-10-28T18:33:35.557",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php."
},
{
"lang": "es",
"value": "Employee Record Management System v 1.2 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de editempprofile.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88717119-B0B9-4149-994C-8E65C00096AD"
"criteria": "cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78DEEB05-D38F-4F67-8CBF-DFA39A3C1AF1"
}
]
}

6
CVE-2021/CVE-2021-434xx/CVE-2021-43451.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-43451",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-01T19:15:07.747",
"lastModified": "2021-12-22T17:23:28.577",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88717119-B0B9-4149-994C-8E65C00096AD"
"criteria": "cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78DEEB05-D38F-4F67-8CBF-DFA39A3C1AF1"
}
]
}

6
CVE-2021/CVE-2021-449xx/CVE-2021-44965.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-44965",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-13T15:15:08.263",
"lastModified": "2021-12-17T01:35:27.840",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88717119-B0B9-4149-994C-8E65C00096AD"
"criteria": "cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78DEEB05-D38F-4F67-8CBF-DFA39A3C1AF1"
}
]
}

6
CVE-2021/CVE-2021-449xx/CVE-2021-44966.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-44966",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-13T15:15:08.313",
"lastModified": "2021-12-17T01:49:48.227",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88717119-B0B9-4149-994C-8E65C00096AD"
"criteria": "cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78DEEB05-D38F-4F67-8CBF-DFA39A3C1AF1"
}
]
}

12
CVE-2022/CVE-2022-404xx/CVE-2022-40433.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40433",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:24.010",
"lastModified": "2023-08-31T00:37:13.927",
"lastModified": "2023-09-25T17:23:18.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]

63
CVE-2023/CVE-2023-06xx/CVE-2023-0625.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-0625",
"sourceIdentifier": "security@docker.com",
"published": "2023-09-25T16:15:13.153",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.\n\nThis issue affects Docker Desktop: before 4.12.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@docker.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@docker.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-829"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4120",
"source": "security@docker.com"
}
]
}

55
CVE-2023/CVE-2023-06xx/CVE-2023-0626.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-0626",
"sourceIdentifier": "security@docker.com",
"published": "2023-09-25T16:15:13.303",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.\n\nThis issue affects Docker Desktop: before 4.12.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@docker.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@docker.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4120",
"source": "security@docker.com"
}
]
}

55
CVE-2023/CVE-2023-06xx/CVE-2023-0627.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-0627",
"sourceIdentifier": "security@docker.com",
"published": "2023-09-25T16:15:13.377",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@docker.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@docker.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-501"
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4120",
"source": "security@docker.com"
}
]
}

55
CVE-2023/CVE-2023-06xx/CVE-2023-0633.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-0633",
"sourceIdentifier": "security@docker.com",
"published": "2023-09-25T16:15:13.463",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@docker.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@docker.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4120",
"source": "security@docker.com"
}
]
}

62
CVE-2023/CVE-2023-220xx/CVE-2023-22024.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22024",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-09-20T21:15:11.143",
"lastModified": "2023-09-20T22:23:12.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:09:40.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "En Unbreakable Enterprise Kernel (UEK), el m\u00f3dulo RDS en UEK tiene dos opciones setsockopt(2), RDS_CONN_RESET y RDS6_CONN_RESET, que no son reentrantes. Un usuario local malicioso con CAP_NET_ADMIN puede usar esto para bloquear el kernel. CVSS 3.1 Puntuaci\u00f3n base 5,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@ -34,10 +38,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:vm_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D35438D-A463-4FAE-A7EF-3A2AF7D0AA01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*",
"matchCriteriaId": "CA9021D6-6027-42E9-A12D-7EA32C5C63F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:9:-:*:*:*:*:*:*",
"matchCriteriaId": "9E6116DA-D643-4C6D-8B90-0A41125F1EF0"
}
]
}
]
}
],
"references": [
{
"url": "https://linux.oracle.com/cve/CVE-2023-22024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

129
CVE-2023/CVE-2023-225xx/CVE-2023-22513.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22513",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-09-19T17:15:08.017",
"lastModified": "2023-09-19T19:15:51.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:29:59.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,10 +11,32 @@
},
{
"lang": "es",
"value": "Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de Alta gravedad se introdujo en la versi\u00f3n 8.0.0 de Bitbucket Data Center and Server. Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 8,5, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Bitbucket Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: Bitbucket Data Center y Server 8.9: actualice a una versi\u00f3n superior o igual a 8.9.5 Bitbucket Data Center y Server 8.10: actualice a una versi\u00f3n mayor o igual a 8.10.5 Bitbucket Data Center y Server 8.11: actualice a una versi\u00f3n mayor o igual a 8.11.4 Bitbucket Data Center y Server 8.12: actualice a una versi\u00f3n mayor o igual a 8.12.2 Bitbucket Data Center y Server 8.13: actualice a una versi\u00f3n mayor o igual a 8.13.1 Bitbucket Data Center y Server 8.14: actualice a una versi\u00f3n mayor o igual a 8.14.0 Bitbucket Data Versi\u00f3n de Center y Server &gt;= 8.0 y &lt; 8.9: actualice a cualquiera de las versiones de correcci\u00f3n enumeradas. Consulte las notas de la versi\u00f3n ([https://confluence.atlassian.com/bitbucketserver/release-notes]). Puede descargar la \u00faltima versi\u00f3n de Bitbucket Data Center and Server desde el centro de descargas ([https://www.atlassian.com/software/bitbucket/download-archives]). Esta vulnerabilidad fue descubierta por un usuario privado y reportada a trav\u00e9s de nuestro programa Bug Bounty."
"value": "Esta vulnerabilidad RCE (Ejecuci\u00f3n Remota de C\u00f3digo) de alta gravedad se introdujo en la versi\u00f3n 8.0.0 de Bitbucket Data Center and Server. Esta vulnerabilidad RCE (Ejecuci\u00f3n Remota de C\u00f3digo), con una puntuaci\u00f3n CVSS de 8,5, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Bitbucket Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: Bitbucket Data Center y Server 8.9: actualice a una versi\u00f3n superior o igual a 8.9.5 Bitbucket Data Center y Server 8.10: actualice a una versi\u00f3n mayor o igual a 8.10.5 Bitbucket Data Center y Server 8.11: actualice a una versi\u00f3n mayor o igual a 8.11.4 Bitbucket Data Center y Server 8.12: actualice a una versi\u00f3n mayor o igual a 8.12.2 Bitbucket Data Center y Server 8.13: actualice a una versi\u00f3n mayor o igual a 8.13.1 Bitbucket Data Center y Server 8.14: actualice a una versi\u00f3n mayor o igual a 8.14.0 Bitbucket Data Versi\u00f3n de Center y Server &gt;= 8.0 y &lt; 8.9: actualice a cualquiera de las versiones de correcci\u00f3n enumeradas. Consulte las notas de la versi\u00f3n (https://confluence.atlassian.com/bitbucketserver/release-notes). Puede descargar la \u00faltima versi\u00f3n de Bitbucket Data Center and Server desde el centro de descargas (https://www.atlassian.com/software/bitbucket/download-archives). Esta vulnerabilidad fue descubierta por un usuario privado y reportada a trav\u00e9s de nuestro programa Bug Bounty."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -38,14 +60,111 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.9.0",
"versionEndExcluding": "8.9.5",
"matchCriteriaId": "94388171-FFA9-43A6-A1DE-02BF1F8B135A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0",
"versionEndExcluding": "8.10.5",
"matchCriteriaId": "84CD120B-01B2-4DF1-BEE5-EBA1227A10FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0",
"versionEndExcluding": "8.11.4",
"matchCriteriaId": "E838EB6C-4F78-46A4-9C7B-302EFCB7E8B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.12.0",
"versionEndExcluding": "8.12.2",
"matchCriteriaId": "96C85A56-2C39-4323-9BB3-B6BB4879D59B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_data_center:8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "631895A8-61D7-43EB-B5C4-C2C24664E090"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.9.0",
"versionEndExcluding": "8.9.5",
"matchCriteriaId": "D5437523-ED8B-4B38-B708-AB58C70F21BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0",
"versionEndExcluding": "8.10.5",
"matchCriteriaId": "2C7B8C0E-371D-4A5B-8D53-C0E718AD9C59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.11.0",
"versionEndExcluding": "8.11.4",
"matchCriteriaId": "325000C6-A67A-48D1-9B9E-C3B26DE41D4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.12.0",
"versionEndExcluding": "8.12.2",
"matchCriteriaId": "C3D174A1-11B4-4F79-905F-C83C08636A8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:bitbucket_server:8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CCB940-EB40-46C4-B475-1FDA559938BB"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/BSERV-14419",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22644",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-09-20T09:15:12.837",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:28:03.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "meissner@suse.de",
"type": "Secondary",
@ -50,10 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2",
"versionEndExcluding": "4.2.50-150300.3.66.5",
"matchCriteriaId": "9B3DA7CC-7111-4DB6-932B-E7256D8940E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3",
"versionEndExcluding": "4.3.58-150400.3.46.4",
"matchCriteriaId": "078E9F14-8272-4136-9174-24F0A8E52C96"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644",
"source": "meissner@suse.de"
"source": "meissner@suse.de",
"tags": [
"Issue Tracking"
]
}
]
}

106
CVE-2023/CVE-2023-235xx/CVE-2023-23567.json Normal file
View File

@ -0,0 +1,106 @@
{
"id": "CVE-2023-23567",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.537",
"lastModified": "2023-09-25T17:56:12.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1729",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-237xx/CVE-2023-23766.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23766",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-09-22T15:15:10.557",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:47:12.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
},
{
"source": "product-cna@github.com",
"type": "Secondary",
@ -50,26 +80,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.17",
"matchCriteriaId": "4FCC8642-45E8-438F-8DBD-10E656F6452E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.15",
"matchCriteriaId": "31D9FC1E-D2E1-481A-8FB7-983443B5DB7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.8",
"matchCriteriaId": "4AB3BAC9-225C-4A0F-A2E6-563169E4ECAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.3",
"matchCriteriaId": "275D1327-46DD-4A6F-B64B-F0622DAB7411"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB39318-06F7-4103-812A-C2D16CEDD441"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3",
"source": "product-cna@github.com"
"source": "product-cna@github.com",
"tags": [
"Release Notes"
]
}
]
}

6
CVE-2023/CVE-2023-24xx/CVE-2023-2408.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2408",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T23:15:08.267",
"lastModified": "2023-05-05T18:33:16.700",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-24xx/CVE-2023-2409.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2409",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T23:15:08.337",
"lastModified": "2023-05-05T18:32:54.917",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-24xx/CVE-2023-2410.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2410",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T23:15:08.397",
"lastModified": "2023-05-05T18:32:35.533",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-24xx/CVE-2023-2411.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2411",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T23:15:08.460",
"lastModified": "2023-05-05T18:32:04.407",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-24xx/CVE-2023-2412.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2412",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-29T00:15:08.857",
"lastModified": "2023-05-05T18:26:27.330",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-24xx/CVE-2023-2413.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2413",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-29T00:15:08.937",
"lastModified": "2023-05-05T18:25:53.750",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2652.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2652",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-11T09:15:09.313",
"lastModified": "2023-05-17T20:47:14.933",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2653.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2653",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-11T09:15:09.723",
"lastModified": "2023-05-17T20:46:59.930",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2656.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2656",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-11T13:15:13.850",
"lastModified": "2023-05-17T13:02:41.120",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2667.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2667",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T07:15:08.627",
"lastModified": "2023-05-19T01:56:31.277",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2668.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2668",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T07:15:08.733",
"lastModified": "2023-05-19T01:56:23.603",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2669.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2669",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T08:15:09.063",
"lastModified": "2023-05-19T01:56:16.017",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -112,8 +112,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2670.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2670",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T08:15:09.130",
"lastModified": "2023-05-19T01:56:35.927",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2671.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2671",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T09:15:10.447",
"lastModified": "2023-05-19T01:56:39.580",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2672.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2672",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T09:15:10.520",
"lastModified": "2023-05-19T01:55:50.923",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2698.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2698",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-14T12:15:09.207",
"lastModified": "2023-05-22T15:58:59.800",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-26xx/CVE-2023-2699.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2699",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-14T12:15:09.267",
"lastModified": "2023-05-22T15:58:18.367",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

106
CVE-2023/CVE-2023-283xx/CVE-2023-28393.json Normal file
View File

@ -0,0 +1,106 @@
{
"id": "CVE-2023-28393",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.640",
"lastModified": "2023-09-25T17:57:45.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1742",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-30xx/CVE-2023-3017.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T15:15:09.627",
"lastModified": "2023-06-07T02:52:51.450",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T15:15:09.713",
"lastModified": "2023-06-07T02:33:45.763",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

73
CVE-2023/CVE-2023-317xx/CVE-2023-31716.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-31716",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:09.757",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:40:36.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log"
},
{
"lang": "es",
"value": "FUXA &lt;= 1.1.12 tiene una vulnerabilidad de inclusi\u00f3n de Archivos Locales a trav\u00e9s de file=fuxa.log"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.12",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31716",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

79
CVE-2023/CVE-2023-317xx/CVE-2023-31717.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2023-31717",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:11.160",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:42:17.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database."
},
{
"lang": "es",
"value": "Un ataque de inyecci\u00f3n SQL en FUXA &lt;= 1.1.12 permite la filtraci\u00f3n de informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.12",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31717",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://youtu.be/IBMXTEI_5wY",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-317xx/CVE-2023-31718.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2023-31718",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:11.353",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:43:50.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download."
},
{
"lang": "es",
"value": "FUXA &lt;= 1.1.12 es vulnerable a Local mediante Inclusi\u00f3n v\u00eda /api/download."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.12",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31718",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://youtu.be/VCQkEGntN04",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-317xx/CVE-2023-31719.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2023-31719",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T00:15:11.480",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:44:19.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin."
},
{
"lang": "es",
"value": "FUXA &lt;= 1.1.12 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /api/signin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.12",
"matchCriteriaId": "DCDFC991-8826-44E3-A950-365B378728EF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-31719",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/frangoteam/FUXA",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://youtu.be/cjb2KYpV6dY",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-31xx/CVE-2023-3176.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3176",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-09T06:16:12.497",
"lastModified": "2023-06-15T22:16:40.580",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-31xx/CVE-2023-3177.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3177",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-09T06:16:12.870",
"lastModified": "2023-06-15T22:17:35.467",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

57
CVE-2023/CVE-2023-321xx/CVE-2023-32182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32182",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-09-19T16:15:09.347",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:32:30.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "meissner@suse.de",
"type": "Secondary",
@ -50,10 +70,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D3E16-E284-40C6-916E-2EE78102BF4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:-:*:*:*",
"matchCriteriaId": "26F5E65A-CC1E-43D7-8181-53ACF3D04D01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5:*:*:*:*:*:*",
"matchCriteriaId": "35EE4FDE-ED2C-49FB-AA39-39C6888B295D"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182",
"source": "meissner@suse.de"
"source": "meissner@suse.de",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

55
CVE-2023/CVE-2023-322xx/CVE-2023-32284.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32284",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.723",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1750",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-326xx/CVE-2023-32614.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32614",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.800",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-124"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-326xx/CVE-2023-32653.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32653",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.880",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802",
"source": "talos-cna@cisco.com"
}
]
}

32
CVE-2023/CVE-2023-32xx/CVE-2023-3226.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3226",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.187",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/941a9aa7-f4b2-474a-84d9-9a74c99079e2",
"source": "contact@wpscan.com"
}
]
}

6
CVE-2023/CVE-2023-335xx/CVE-2023-33592.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33592",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.593",
"lastModified": "2023-07-07T04:15:10.590",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Modified",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

55
CVE-2023/CVE-2023-350xx/CVE-2023-35002.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35002",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:14.013",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1760",
"source": "talos-cna@cisco.com"
}
]
}

32
CVE-2023/CVE-2023-35xx/CVE-2023-3547.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3547",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.273",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78",
"source": "contact@wpscan.com"
}
]
}

59
CVE-2023/CVE-2023-35xx/CVE-2023-3550.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3550",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-25T16:15:14.347",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mediawiki v1.40.0 does not validate namespaces used in XML files.\n\nTherefore, if the instance administrator allows XML file uploads,\n\na remote attacker with a low-privileged user account can use this\n\nexploit to become an administrator by sending a malicious link to\n\nthe instance administrator.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/blondie/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.mediawiki.org/wiki/MediaWiki/",
"source": "help@fluidattacks.com"
}
]
}

6
CVE-2023/CVE-2023-361xx/CVE-2023-36159.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36159",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.587",
"lastModified": "2023-08-09T21:15:10.677",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Modified",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3619.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3619",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-11T16:15:12.150",
"lastModified": "2023-07-18T20:19:24.227",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -112,8 +112,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3657.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3657",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T10:15:09.643",
"lastModified": "2023-07-25T15:05:56.500",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3658.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3658",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T11:15:09.340",
"lastModified": "2023-07-25T19:00:21.943",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3659.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3659",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T11:15:09.417",
"lastModified": "2023-07-25T18:59:54.670",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3661.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3661",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T12:15:09.470",
"lastModified": "2023-07-25T19:02:46.437",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

32
CVE-2023/CVE-2023-36xx/CVE-2023-3664.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3664",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.430",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f",
"source": "contact@wpscan.com"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3678.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3678",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-15T08:15:42.537",
"lastModified": "2023-07-25T14:11:55.420",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3679.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3679",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-15T09:15:09.403",
"lastModified": "2023-07-25T14:14:42.570",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

6
CVE-2023/CVE-2023-36xx/CVE-2023-3680.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3680",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-15T09:15:09.803",
"lastModified": "2023-07-25T14:15:03.503",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

93
CVE-2023/CVE-2023-383xx/CVE-2023-38343.json
View File

@ -2,23 +2,106 @@
"id": "CVE-2023-38343",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T21:15:09.747",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:09:47.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad XXE (inyecci\u00f3n de entidad externa XML) en el componente CSEP de Ivanti Endpoint Manager antes de 2022 SU4. Las referencias a entidades externas est\u00e1n habilitadas en la configuraci\u00f3n del analizador XML. La explotaci\u00f3n de esta vulnerabilidad puede provocar la divulgaci\u00f3n de archivos o Server Side Request Forgery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022",
"matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
"matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
"matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
"matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/bhyahoo/4772330b20057a271f77e690bc70f928",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.ivanti.com/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

93
CVE-2023/CVE-2023-383xx/CVE-2023-38344.json
View File

@ -2,23 +2,106 @@
"id": "CVE-2023-38344",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T21:15:10.877",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:04:57.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Ivanti Endpoint Manager antes de 2022 SU4. Existe una vulnerabilidad de divulgaci\u00f3n de archivos en la acci\u00f3n SOAP GetFileContents expuesta a trav\u00e9s de /landesk/managementsuite/core/core.secure/OsdScript.asmx. La aplicaci\u00f3n no restringe suficientemente las rutas proporcionadas por el usuario, lo que permite que un atacante autenticado lea archivos arbitrarios desde un sistema remoto, incluida la clave privada utilizada para autenticarse ante agentes para acceso remoto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022",
"matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
"matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
"matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
"matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/bhyahoo/76533e91840200a1d9f3fb1eb87eb0f1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.ivanti.com/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

6
CVE-2023/CVE-2023-38xx/CVE-2023-3850.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3850",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-23T10:15:09.657",
"lastModified": "2023-07-31T17:05:56.350",
"lastModified": "2023-09-25T16:46:20.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
"criteria": "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF403B-DF0C-4796-8B10-689075DC8A35"
}
]
}

68
CVE-2023/CVE-2023-390xx/CVE-2023-39044.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-39044",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T18:15:12.330",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:36:04.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
},
{
"lang": "es",
"value": "Una filtraci\u00f3n de informaci\u00f3n en ajino-Shiretoko Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ajino-shiretoko_project:ajino-shiretoko:13.6.1:*:*:*:*:line:*:*",
"matchCriteriaId": "20DC3E09-3A69-4226-ABCD-B9DC3B1102AC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-394xx/CVE-2023-39407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39407",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T09:15:10.397",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:15:48.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Watchkit tiene el riesgo de acceso no autorizado a archivos. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad y la integridad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -27,10 +60,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
}
]
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-394xx/CVE-2023-39408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39408",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T09:15:10.690",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:16:53.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad DoS en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -27,14 +60,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-394xx/CVE-2023-39409.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39409",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T11:15:12.447",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:25:23.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad DoS en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -27,14 +60,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-394xx/CVE-2023-39453.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39453",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:14.093",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1830",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-401xx/CVE-2023-40163.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40163",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:14.507",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1836",
"source": "talos-cna@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-40xx/CVE-2023-4088.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4088",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-09-20T03:15:13.687",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:28:53.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@ -50,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-412xx/CVE-2023-41293.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-41293",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:10.727",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:10:42.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality."
},
{
"lang": "es",
"value": "Vulnerabilidad de clasificaci\u00f3n de seguridad de datos en el m\u00f3dulo DDMP. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -23,14 +60,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-412xx/CVE-2023-41294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41294",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.827",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:59:10.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "El m\u00f3dulo DP tiene una vulnerabilidad de secuestro de servicios. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar algunos servicios de Super Device."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
}
]
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-412xx/CVE-2023-41296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41296",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.957",
"lastModified": "2023-09-25T12:48:30.333",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T17:19:10.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en el m\u00f3dulo del kernel. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la integridad y la confidencialidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -27,14 +60,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-412xx/CVE-2023-41297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41297",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:11.033",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:41:16.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Vulnerabilidad de defectos introducidos en el proceso de dise\u00f1o en el m\u00f3dulo HiviewTunner. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar el secuestro del servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-412xx/CVE-2023-41298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41298",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:11.090",
"lastModified": "2023-09-25T12:53:29.640",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T17:30:38.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,98 @@
"value": "Vulnerabilidad del control de permisos en el m\u00f3dulo de ventana. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-412xx/CVE-2023-41299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41299",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:11.147",
"lastModified": "2023-09-25T12:54:53.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T17:31:55.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad DoS en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -27,14 +60,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-413xx/CVE-2023-41300.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-41300",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.037",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:13:18.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart."
},
{
"lang": "es",
"value": "Vulnerabilidad de par\u00e1metros que no se verifican estrictamente en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie.v"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -23,14 +60,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

102
CVE-2023/CVE-2023-413xx/CVE-2023-41301.json
View File

@ -2,23 +2,115 @@
"id": "CVE-2023-41301",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.250",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:14:55.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally."
},
{
"lang": "es",
"value": "Vulnerabilidad de acceso API no autorizado en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que las funciones funcionen de manera anormal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-413xx/CVE-2023-41302.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-41302",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.323",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:23:27.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally."
},
{
"lang": "es",
"value": "Vulnerabilidad de verificaci\u00f3n de permisos de redirecci\u00f3n en el m\u00f3dulo de pantalla de inicio. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que las funciones funcionen de manera anormal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -23,14 +60,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-413xx/CVE-2023-41303.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-41303",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.557",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T17:37:26.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos en el m\u00f3dulo del sistema de archivos distribuido. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que se modifiquen variables en la estructura del sock."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -23,14 +60,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
}
]
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

148
CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41991",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.283",
"lastModified": "2023-09-23T03:15:21.467",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:17:24.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,51 +14,171 @@
"value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. Es posible que una aplicaci\u00f3n maliciosa pueda omitir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "0379BAF3-B879-4710-A2B6-97CA03B19373"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F45FD5-BD2C-41B5-ADCA-D7F99A0FD4A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6",
"matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.6.3",
"matchCriteriaId": "87E56518-DB8C-4F2F-8928-F9A074FB4B91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "894D48EB-A3F0-4EAC-8FF0-59F5C5B85A27"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/14",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/15",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/16",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/17",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/19",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213926",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213928",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213929",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213926",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

165
CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41992",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.520",
"lastModified": "2023-09-23T03:15:22.137",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:43:16.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,59 +14,192 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "0379BAF3-B879-4710-A2B6-97CA03B19373"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F45FD5-BD2C-41B5-ADCA-D7F99A0FD4A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.7",
"matchCriteriaId": "F05757BB-26B5-40A5-B37C-577706EA11C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6",
"matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.6.3",
"matchCriteriaId": "87E56518-DB8C-4F2F-8928-F9A074FB4B91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "894D48EB-A3F0-4EAC-8FF0-59F5C5B85A27"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/14",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/15",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/16",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/17",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/18",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/19",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213926",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213928",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213929",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213926",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

116
CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
"lastModified": "2023-09-23T03:15:22.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:47:20.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,35 +14,131 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, iOS 17.0.1 y iPadOS 17.0.1, Safari 16.6.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6.1",
"matchCriteriaId": "16D97A63-468F-462E-BB16-47C4C4D904C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "0379BAF3-B879-4710-A2B6-97CA03B19373"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F45FD5-BD2C-41B5-ADCA-D7F99A0FD4A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/13",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/14",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/15",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/19",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213926",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213930",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-41xx/CVE-2023-4148.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4148",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.760",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/aa39de78-55b3-4237-84db-6fdf6820c58d",
"source": "contact@wpscan.com"
}
]
}

68
CVE-2023/CVE-2023-422xx/CVE-2023-42280.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-42280",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T19:15:11.823",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T17:06:48.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading."
},
{
"lang": "es",
"value": "mee-admin 1.5 es vulnerable a Directory Traversal. El m\u00e9todo de descarga en el archivo CommonFileController.java no verifica los datos entrantes, lo que resulta en una lectura arbitraria del archivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:springernature:mee-admin:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CBA37D1-9483-4D09-BE3C-7BA2744EB89E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/anyfiledown-en.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-424xx/CVE-2023-42458.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42458",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:22.483",
"lastModified": "2023-09-22T15:15:12.590",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:05:03.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,22 +74,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.10",
"matchCriteriaId": "9E52EB57-D398-4D1B-8AB1-7D2B97991DC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.8.5",
"matchCriteriaId": "D9C57E3B-BC61-4FAF-A431-4E9C9402F251"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-428xx/CVE-2023-42805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.353",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:32:35.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,22 +80,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*",
"versionEndExcluding": "0.9.5",
"matchCriteriaId": "07C6E078-CA32-421C-AE0F-8944E40E0127"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "0.10.0",
"versionEndExcluding": "0.10.5",
"matchCriteriaId": "DD6B8751-AFF1-470F-8F1F-D5266891D2FB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/quinn-rs/quinn/pull/1667",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1668",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1669",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-428xx/CVE-2023-42807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42807",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.950",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:34:41.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe_lms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.0",
"matchCriteriaId": "8CD0BCAA-25DC-4778-9717-E088FFA8DF18"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4238.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4238",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.837",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638f",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-42xx/CVE-2023-4281.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4281",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.923",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49",
"source": "contact@wpscan.com"
}
]
}

4
CVE-2023/CVE-2023-431xx/CVE-2023-43131.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43131",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T15:15:10.567",
"lastModified": "2023-09-25T15:15:10.567",
"vulnStatus": "Received",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-431xx/CVE-2023-43141.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43141",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T16:15:14.587",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control."
}
],
"metrics": {},
"references": [
{
"url": "http://totolink.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blue-And-White/vul/blob/main/Iot/TOTOLINK/1/readme.md",
"source": "cve@mitre.org"
}
]
}

64
CVE-2023/CVE-2023-431xx/CVE-2023-43144.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T15:15:12.827",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T16:45:30.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Projectworldsl Assets-management-system-in-php 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \"id\" en delete.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:asset_management_system_project_in_php:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "025FA6B8-8B8C-435A-90FF-FAE7DA881F1C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

73
CVE-2023/CVE-2023-432xx/CVE-2023-43256.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-43256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T14:15:10.690",
"lastModified": "2023-09-25T14:15:10.690",
"vulnStatus": "Received",
"lastModified": "2023-09-25T17:34:36.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input."
},
{
"lang": "es",
"value": "Un recorrido de ruta en Gladys Assistant v4.26.1 y versiones anteriores permite a atacantes autenticados extraer archivos confidenciales en la m\u00e1quina host aprovechando una entrada de usuario no desinfectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gladysassistant:gladys_assistant:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.26.1",
"matchCriteriaId": "591E0441-B35C-40CF-A781-CC40F7C2B582"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.moku.fr/cves/CVE-unassigned/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/GladysAssistant/Gladys/commit/f27d0ea4689c3deca5739b5f9ed45a2ddbf00b7b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

28
CVE-2023/CVE-2023-433xx/CVE-2023-43339.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-43339",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T16:15:14.640",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components."
}
],
"metrics": {},
"references": [
{
"url": "http://www.cmsmadesimple.org/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-433xx/CVE-2023-43382.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-43382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T16:15:14.703",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function."
}
],
"metrics": {},
"references": [
{
"url": "https://aecous.github.io/2023/09/17/Text/?password=Aecous",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7",
"source": "cve@mitre.org"
},
{
"url": "https://gitee.com/iteachyou/dreamer_cms/issues/I821AI",
"source": "cve@mitre.org"
}
]
}

75
CVE-2023/CVE-2023-434xx/CVE-2023-43456.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-43456",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T15:15:10.687",
"lastModified": "2023-09-25T15:29:07.907",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T17:57:14.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:service_provider_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C20DC3-D0C4-4D07-A2AA-8057A70FC448"
}
]
}
]
}
],
"references": [
{
"url": "https://samh4cks.github.io/posts/cve-2023-43456/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.sourcecodester.com/users/tips23",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

62
CVE-2023/CVE-2023-436xx/CVE-2023-43630.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43630",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-20T15:15:11.877",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T16:13:35.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201d key, but\ndue to the change that was implemented in commit\n\u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, fixing this issue alone would not solve the\nproblem of the config partition not being measured correctly.\n\nAlso, the \u201cvault\u201d key is sealed/unsealed with SHA1 PCRs instead of\nSHA256. \nThis issue was somewhat mitigated due to all of the PCR extend functions\nupdating both the values of SHA256 and SHA1 for a given PCR ID.\n\nHowever, due to the change that was implemented in commit\n\u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, this is no longer the case for PCR14, as\nthe code in \u201cmeasurefs.go\u201d explicitly updates only the SHA256 instance of PCR14, which\nmeans that even if PCR14 were to be added to the list of PCRs sealing/unsealing the \u201cvault\u201d\nkey, changes to the config partition would still not be measured.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted \u201cvault\u201d \n\n\n\n\n"
},
{
"lang": "es",
"value": "PCR14 no est\u00e1 en la lista de PCRs que sella/abre la clave de \u201cvault\u201d, pero debido al cambio que se implement\u00f3 en la confirmaci\u00f3n \u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, solucionar este problema por s\u00ed solo no resolver\u00eda el problema de que la partici\u00f3n de configuraci\u00f3n no se mida correctamente. Adem\u00e1s, la clave de la \"vault\" se sella/se abre con PCRs SHA1 en lugar de SHA256. Este problema se mitig\u00f3 en cierta medida debido a que todas las funciones de extensi\u00f3n de PCR actualizaron los valores de SHA256 y SHA1 para una ID de PCR determinada. Sin embargo, debido al cambio que se implement\u00f3 en la confirmaci\u00f3n \"7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\", este ya no es el caso para PCR14, ya que el c\u00f3digo en \"measurefs.go\" actualiza expl\u00edcitamente solo la instancia SHA256 de PCR14, lo que significa que incluso si PCR14 fuera Si se agregara a la lista de PCRs que sellan o abren la clave de \u201cvault\u201d, los cambios en la partici\u00f3n de configuraci\u00f3n a\u00fan no se medir\u00edan. Un atacante podr\u00eda modificar la partici\u00f3n de configuraci\u00f3n sin activar el arranque medido, lo que podr\u00eda dar como resultado que el atacante obtenga control total sobre el dispositivo con acceso completo al contenido de la \"vault\" cifrada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -54,10 +88,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linuxfoundation:edge_virtualization_engine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.5.0",
"matchCriteriaId": "D19A1245-092C-478C-BB01-23F91A227B3F"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More