admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-12T22:00:24.410600+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-12 22:00:27 +00:00
parent 7fc71b11c1
commit 7e39698d86
15 changed files with 724 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2022/CVE-2022-229xx/CVE-2022-22988.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-22988",
"sourceIdentifier": "psirt@wdc.com",
"published": "2022-01-13T21:15:08.803",
"lastModified": "2022-01-21T02:13:23.617",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-12T21:15:11.057",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources."
"value": "File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.\u00a0\n\n"
},
{
"lang": "es",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.8
"impactScore": 5.2
}
],
"cvssMetricV2": [

20
CVE-2022/CVE-2022-229xx/CVE-2022-22989.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-22989",
"sourceIdentifier": "psirt@wdc.com",
"published": "2022-01-13T21:15:08.863",
"lastModified": "2022-01-21T17:00:26.003",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-12T21:15:11.200",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues."
"value": "My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.\n\n"
},
{
"lang": "es",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.0,
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 5.8
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [

20
CVE-2023/CVE-2023-236xx/CVE-2023-23632.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-23632",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T20:15:12.187",
"lastModified": "2023-10-12T20:15:12.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret."
}
],
"metrics": {},
"references": [
{
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt",
"source": "cve@mitre.org"
}
]
}

62
CVE-2023/CVE-2023-256xx/CVE-2023-25604.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25604",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:11.083",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T20:23:02.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs."
},
{
"lang": "es",
"value": "Una inserci\u00f3n de informaci\u00f3n confidencial en una vulnerabilidad del archivo de registro en Fortinet FortiGuest 1.0.0 permite a un atacante local acceder a contrase\u00f1as de texto plano en los registros RADIUS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiguest:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C51D65F-0761-4072-A6C8-833E57915C23"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-052",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

171
CVE-2023/CVE-2023-256xx/CVE-2023-25607.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25607",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:11.147",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T20:30:55.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC\u00a0 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe\u00a0usage of the wordexp function."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') [CWE-78] en: \nFortiManager 7.2.0 hasta 7.2.2, 7.0.0 hasta 7.0.7, 6.4.0 hasta 6.4.11, 6.2 todas las versiones, 6.0 todas las versiones, \nFortiAnalyzer 7.2.0 hasta 7.2.2, 7.0.0 hasta 7.0.7, 6.4.0 hasta 6.4.11, 6.2 todas las versiones, 6.0 todas las versiones y \nFortiADC 7.1.0, 7.0.0 hasta 7.0.3, 6.2 todas las versiones, 6.1 todas las versiones, 6.0 todas las versiones. \nLa interfaz de administraci\u00f3n puede permitir que un atacante autenticado con al menos permisos de LECTURA en la configuraci\u00f3n del sistema ejecute comandos arbitrarios en el shell subyacente debido a un uso inseguro de la funci\u00f3n wordexp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,151 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.4",
"matchCriteriaId": "3ADB57D8-1ABE-4401-B1B0-4640A34C555A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.6",
"matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.6",
"matchCriteriaId": "F5275C5C-B6FD-4456-B143-ECDD282150C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.3",
"matchCriteriaId": "4488C266-0436-40AD-BD99-A228787285AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.12",
"matchCriteriaId": "2318A6AC-AA3E-4604-968C-35A46E79FCB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.12",
"matchCriteriaId": "285EC81A-34F0-4153-82DE-6A49C05EB240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.11",
"matchCriteriaId": "337E7B95-CC70-41BB-8F0A-FE40D39F23DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.7",
"matchCriteriaId": "4EC99242-BA69-4046-A981-E37ACDC62D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD88F7C-8136-4CFF-AF1E-9AE928878C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9DDF78-DBFF-43B9-A4ED-145029ED9B1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.12",
"matchCriteriaId": "8DFFD873-3F9B-41D8-92E6-09F84712BCE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.12",
"matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.11",
"matchCriteriaId": "6DA1F7EC-363D-432C-9225-3A217D9F3CBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.7",
"matchCriteriaId": "A57331B0-1B5B-4E70-BD82-E87715CDD921"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "407755AA-0C23-4C5B-88A2-8BC12A3D268D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0A1111-4054-4C7B-B333-E13A8684207B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81E5E264-0F74-4C45-BC90-384E572A14B8"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-352",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

140
CVE-2023/CVE-2023-379xx/CVE-2023-37939.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37939",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.333",
"lastModified": "2023-10-10T17:52:09.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T20:21:29.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning."
},
{
"lang": "es",
"value": "Una exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en FortiClient para Windows 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, Linux 7.2.0, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas y Mac 7.2.0 a 7.2.1, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones, pueden permitir que un atacante local autenticado sin privilegios administrativos recupere la lista de archivos o carpetas excluidas del an\u00e1lisis de malware."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,120 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.9",
"matchCriteriaId": "2F0755CA-2961-4F74-8044-761178AB0312"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.9",
"matchCriteriaId": "6EE22D2E-DE73-47FE-91DE-4C4B8FDB4C0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.9",
"matchCriteriaId": "C5601CD7-A7CE-4FC5-A635-B20B415DC8C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.9",
"matchCriteriaId": "16EB2BBF-5729-41B5-A093-36E4B2A2C90A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.10",
"matchCriteriaId": "525ECB5F-0FCE-4C9C-B939-66667367F573"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.10",
"matchCriteriaId": "4C015491-F83B-4569-B0BB-0877C1D89C66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "8F15899F-6A19-4FD6-B736-C42F377B2F90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "F1C94527-471A-40B2-9030-6243BAE86579"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "8E16F30C-4167-462E-B67E-6B8A449CC591"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "88271718-0DD4-4717-B403-1B44E2E56C91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "21028180-8FA9-43B3-AE71-D4967E7B7DE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "CEC62C6E-AA05-4AE9-86C5-47D6763206AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:macos:*:*",
"matchCriteriaId": "D1BD3792-2AE7-47F9-94E5-376C298EE437"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-235",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-418xx/CVE-2023-41841.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41841",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.813",
"lastModified": "2023-10-10T17:52:09.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T20:38:09.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n inadecuada en Fortinet FortiOS 7.0.0 - 7.0.11 y 7.2.0 - 7.2.4 permite que un atacante que pertenece al perfil prof-admin realice acciones elevadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.11",
"matchCriteriaId": "C2573C90-BE6A-4D5D-A223-F09213318909"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.4",
"matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-318",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-431xx/CVE-2023-43191.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-43191",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.960",
"lastModified": "2023-10-02T13:18:20.010",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-12T20:15:12.287",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft"
"value": "SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft"
},
{
"lang": "es",

10
CVE-2023/CVE-2023-431xx/CVE-2023-43192.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-43192",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T22:15:09.700",
"lastModified": "2023-10-02T14:27:43.647",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-12T20:15:12.387",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement."
"value": "SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement."
},
{
"lang": "es",
@ -75,6 +75,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md",
"source": "cve@mitre.org"
}
]
}

123
CVE-2023/CVE-2023-442xx/CVE-2023-44249.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44249",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:13.047",
"lastModified": "2023-10-10T17:52:09.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T20:35:13.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass through user-controlled key\u00a0[CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario [CWE-639] en Fortinet FortiManager versi\u00f3n 7.4.0 y anteriores a 7.2.3 y FortiAnalyzer versi\u00f3n 7.4.0 y anteriores a 7.2.3 permite a un atacante remoto con privilegios bajos leer informaci\u00f3n confidencial a trav\u00e9s de solicitudes HTTP manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,103 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.12",
"matchCriteriaId": "285EC81A-34F0-4153-82DE-6A49C05EB240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.13",
"matchCriteriaId": "56D6A507-5B18-4F62-9B08-98122FB2F23B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "CCE23C15-B42C-48DF-9435-27D5143F0B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.12",
"matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.13",
"matchCriteriaId": "B632AF2E-739B-4EBA-8780-8AE999C62F3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "FA1523A4-BC32-4618-897D-9B5709512FBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-201",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-455xx/CVE-2023-45510.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-45510",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T21:15:11.373",
"lastModified": "2023-10-12T21:15:11.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/justdan96/tsMuxer",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/justdan96/tsMuxer/issues/778",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-455xx/CVE-2023-45511.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-45511",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T21:15:11.437",
"lastModified": "2023-10-12T21:15:11.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/justdan96/tsMuxer",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/justdan96/tsMuxer/issues/780",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-50xx/CVE-2023-5072.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5072",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-12T17:15:10.187",
"lastModified": "2023-10-12T19:42:47.127",
"lastModified": "2023-10-12T20:15:12.477",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in JSON-Java versions prior to 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n"
"value": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n"
}
],
"metrics": {

55
CVE-2023/CVE-2023-55xx/CVE-2023-5562.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5562",
"sourceIdentifier": "security@knime.com",
"published": "2023-10-12T20:15:12.583",
"lastModified": "2023-10-12T20:15:12.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently.\n\n\n\n\nKNIME Analytics Platform already has configuration options with which sanitization of data can be actived, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks.\n\n\nKNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@knime.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@knime.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.knime.com/security/advisories#CVE-2023-5562",
"source": "security@knime.com"
}
]
}

55
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-12T20:00:24.468329+00:00
2023-10-12T22:00:24.410600+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-12T19:59:17.273000+00:00
2023-10-12T21:15:11.437000+00:00
```
### Last Data Feed Release
@ -29,50 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227686
227690
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `4`
* [CVE-2023-37637](CVE-2023/CVE-2023-376xx/CVE-2023-37637.json) (`2023-10-12T18:15:10.140`)
* [CVE-2023-43149](CVE-2023/CVE-2023-431xx/CVE-2023-43149.json) (`2023-10-12T18:15:10.943`)
* [CVE-2023-27312](CVE-2023/CVE-2023-273xx/CVE-2023-27312.json) (`2023-10-12T19:15:11.537`)
* [CVE-2023-27313](CVE-2023/CVE-2023-273xx/CVE-2023-27313.json) (`2023-10-12T19:15:11.653`)
* [CVE-2023-27314](CVE-2023/CVE-2023-273xx/CVE-2023-27314.json) (`2023-10-12T19:15:11.747`)
* [CVE-2023-43148](CVE-2023/CVE-2023-431xx/CVE-2023-43148.json) (`2023-10-12T19:15:12.013`)
* [CVE-2023-23632](CVE-2023/CVE-2023-236xx/CVE-2023-23632.json) (`2023-10-12T20:15:12.187`)
* [CVE-2023-5562](CVE-2023/CVE-2023-55xx/CVE-2023-5562.json) (`2023-10-12T20:15:12.583`)
* [CVE-2023-45510](CVE-2023/CVE-2023-455xx/CVE-2023-45510.json) (`2023-10-12T21:15:11.373`)
* [CVE-2023-45511](CVE-2023/CVE-2023-455xx/CVE-2023-45511.json) (`2023-10-12T21:15:11.437`)
### CVEs modified in the last Commit
Recently modified CVEs: `57`
Recently modified CVEs: `10`
* [CVE-2023-4570](CVE-2023/CVE-2023-45xx/CVE-2023-4570.json) (`2023-10-12T18:38:41.030`)
* [CVE-2023-41684](CVE-2023/CVE-2023-416xx/CVE-2023-41684.json) (`2023-10-12T18:41:06.240`)
* [CVE-2023-41694](CVE-2023/CVE-2023-416xx/CVE-2023-41694.json) (`2023-10-12T18:42:03.957`)
* [CVE-2023-5471](CVE-2023/CVE-2023-54xx/CVE-2023-5471.json) (`2023-10-12T18:54:46.000`)
* [CVE-2023-41853](CVE-2023/CVE-2023-418xx/CVE-2023-41853.json) (`2023-10-12T18:55:48.830`)
* [CVE-2023-41852](CVE-2023/CVE-2023-418xx/CVE-2023-41852.json) (`2023-10-12T18:58:57.587`)
* [CVE-2023-43785](CVE-2023/CVE-2023-437xx/CVE-2023-43785.json) (`2023-10-12T19:03:12.133`)
* [CVE-2023-41851](CVE-2023/CVE-2023-418xx/CVE-2023-41851.json) (`2023-10-12T19:04:02.990`)
* [CVE-2023-41850](CVE-2023/CVE-2023-418xx/CVE-2023-41850.json) (`2023-10-12T19:05:21.280`)
* [CVE-2023-44241](CVE-2023/CVE-2023-442xx/CVE-2023-44241.json) (`2023-10-12T19:09:34.853`)
* [CVE-2023-5468](CVE-2023/CVE-2023-54xx/CVE-2023-5468.json) (`2023-10-12T19:11:08.780`)
* [CVE-2023-44995](CVE-2023/CVE-2023-449xx/CVE-2023-44995.json) (`2023-10-12T19:13:44.993`)
* [CVE-2023-29338](CVE-2023/CVE-2023-293xx/CVE-2023-29338.json) (`2023-10-12T19:15:11.897`)
* [CVE-2023-44994](CVE-2023/CVE-2023-449xx/CVE-2023-44994.json) (`2023-10-12T19:16:51.850`)
* [CVE-2023-41659](CVE-2023/CVE-2023-416xx/CVE-2023-41659.json) (`2023-10-12T19:18:13.650`)
* [CVE-2023-44476](CVE-2023/CVE-2023-444xx/CVE-2023-44476.json) (`2023-10-12T19:26:41.407`)
* [CVE-2023-44475](CVE-2023/CVE-2023-444xx/CVE-2023-44475.json) (`2023-10-12T19:42:15.347`)
* [CVE-2023-45133](CVE-2023/CVE-2023-451xx/CVE-2023-45133.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-45138](CVE-2023/CVE-2023-451xx/CVE-2023-45138.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-45142](CVE-2023/CVE-2023-451xx/CVE-2023-45142.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-45143](CVE-2023/CVE-2023-451xx/CVE-2023-45143.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-44471](CVE-2023/CVE-2023-444xx/CVE-2023-44471.json) (`2023-10-12T19:47:22.937`)
* [CVE-2023-44470](CVE-2023/CVE-2023-444xx/CVE-2023-44470.json) (`2023-10-12T19:50:34.870`)
* [CVE-2023-37935](CVE-2023/CVE-2023-379xx/CVE-2023-37935.json) (`2023-10-12T19:59:17.273`)
* [CVE-2022-22988](CVE-2022/CVE-2022-229xx/CVE-2022-22988.json) (`2023-10-12T21:15:11.057`)
* [CVE-2022-22989](CVE-2022/CVE-2022-229xx/CVE-2022-22989.json) (`2023-10-12T21:15:11.200`)
* [CVE-2023-43191](CVE-2023/CVE-2023-431xx/CVE-2023-43191.json) (`2023-10-12T20:15:12.287`)
* [CVE-2023-43192](CVE-2023/CVE-2023-431xx/CVE-2023-43192.json) (`2023-10-12T20:15:12.387`)
* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-10-12T20:15:12.477`)
* [CVE-2023-37939](CVE-2023/CVE-2023-379xx/CVE-2023-37939.json) (`2023-10-12T20:21:29.103`)
* [CVE-2023-25604](CVE-2023/CVE-2023-256xx/CVE-2023-25604.json) (`2023-10-12T20:23:02.177`)
* [CVE-2023-25607](CVE-2023/CVE-2023-256xx/CVE-2023-25607.json) (`2023-10-12T20:30:55.903`)
* [CVE-2023-44249](CVE-2023/CVE-2023-442xx/CVE-2023-44249.json) (`2023-10-12T20:35:13.497`)
* [CVE-2023-41841](CVE-2023/CVE-2023-418xx/CVE-2023-41841.json) (`2023-10-12T20:38:09.057`)
## Download and Usage