admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 03:02:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-12T20:00:24.468329+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-12 20:00:28 +00:00
parent f0405b987e
commit 7fc71b11c1
64 changed files with 3276 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-174xx/CVE-2020-17467.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-17467",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-11T23:15:13.557",
"lastModified": "2020-12-18T02:23:35.177",
"lastModified": "2023-10-12T18:31:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fnet_project:fnet:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.4",
"matchCriteriaId": "DE67EBDA-794F-4D06-AC31-B24F8ECFEA6D"
"matchCriteriaId": "F8E2831C-6C9A-4130-8993-2E5DF9F8F6F3"
}
]
}

6
CVE-2020/CVE-2020-174xx/CVE-2020-17468.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-17468",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-11T23:15:13.620",
"lastModified": "2020-12-17T19:33:24.233",
"lastModified": "2023-10-12T18:31:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fnet_project:fnet:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.4",
"matchCriteriaId": "DE67EBDA-794F-4D06-AC31-B24F8ECFEA6D"
"matchCriteriaId": "F8E2831C-6C9A-4130-8993-2E5DF9F8F6F3"
}
]
}

6
CVE-2020/CVE-2020-174xx/CVE-2020-17469.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-17469",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-11T23:15:13.683",
"lastModified": "2021-07-21T11:39:23.747",
"lastModified": "2023-10-12T18:31:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fnet_project:fnet:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.4",
"matchCriteriaId": "DE67EBDA-794F-4D06-AC31-B24F8ECFEA6D"
"matchCriteriaId": "F8E2831C-6C9A-4130-8993-2E5DF9F8F6F3"
}
]
}

6
CVE-2020/CVE-2020-174xx/CVE-2020-17470.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-17470",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-11T23:15:13.747",
"lastModified": "2021-07-21T11:39:23.747",
"lastModified": "2023-10-12T18:31:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fnet_project:fnet:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.4",
"matchCriteriaId": "DE67EBDA-794F-4D06-AC31-B24F8ECFEA6D"
"matchCriteriaId": "F8E2831C-6C9A-4130-8993-2E5DF9F8F6F3"
}
]
}

6
CVE-2020/CVE-2020-243xx/CVE-2020-24383.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-24383",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-11T23:15:14.213",
"lastModified": "2020-12-15T02:04:13.527",
"lastModified": "2023-10-12T18:31:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fnet_project:fnet:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.4",
"matchCriteriaId": "DE67EBDA-794F-4D06-AC31-B24F8ECFEA6D"
"matchCriteriaId": "F8E2831C-6C9A-4130-8993-2E5DF9F8F6F3"
}
]
}

119
CVE-2022/CVE-2022-222xx/CVE-2022-22298.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-22298",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:10.837",
"lastModified": "2023-10-10T17:52:17.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:57:10.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en: \nFortinet FortiIsolator versi\u00f3n 1.0.0, \nFortiIsolator versi\u00f3n 1.1.0, \nFortiIsolator versi\u00f3n 1.2.0 a 1.2.2, \nFortiIsolator versi\u00f3n 2.0.0 a 2.0. 1, \nFortiIsolator versi\u00f3n 2.1.0 a 2.1.2, \nFortiIsolator versi\u00f3n 2.2.0, \nFortiIsolator versi\u00f3n 2.3.0 a 2.3.4. \nPermite al atacante ejecutar comandos arbitrarios del sistema operativo en el shell subyacente a trav\u00e9s de par\u00e1metros de entrada especialmente manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,99 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndIncluding": "2.3.4",
"matchCriteriaId": "23294BAD-8A68-41FF-9C58-B525D8732B03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFE83AE-1395-4205-B805-A508E53DF215"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3FA24F-4D8F-48E3-BAC4-654E0DBCA800"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67431CA-CA69-4D8B-B1EF-321828DBEEBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E43F6415-298C-4AC4-BC1F-8E7CDD367AA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC84748-C9CA-412E-91EE-F341C1B975FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "067563F7-3868-40DD-BE14-9D65FDAB940F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40EE8089-FB10-4CA5-BA41-F6A2ED32E8DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "472F7F9F-DA6F-4017-87FD-288CEE40D2F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB1042D-A702-4AC9-9A13-EC267210A5DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D19301A-FC50-4684-9004-CF1A36230B31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E98DE-F384-43D1-91DB-972CB50A53B6"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-21-233",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

97
CVE-2022/CVE-2022-359xx/CVE-2022-35950.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-35950",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T14:15:10.437",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:35:08.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "4.1.13",
"matchCriteriaId": "32EDECA1-B4DE-4B4E-BC00-46A54F439F37"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndIncluding": "4.2.10",
"matchCriteriaId": "8CD6473A-785F-4EA1-8546-250A24D35964"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.0.10",
"matchCriteriaId": "36DF30D9-2663-4C18-AD5E-4F1B28B76919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65018D49-CD44-4822-90B9-FBBE511C69E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "C6A05715-A41C-48C3-B652-37149B5EC9F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "7ABD8542-5AF9-4708-95F8-CAC463DC5524"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "25D470A3-9391-4B37-BC22-BEB3FDC61F55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "9C07183A-B15C-44B1-997D-7D8006BE5347"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F64268CD-68F3-4E90-9671-B67BDFE1293B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:orocommerce:5.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79BEF47C-CAE7-4ACE-AB1C-A784950D7F9B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-2jc6-3fhj-8q84",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

129
CVE-2022/CVE-2022-362xx/CVE-2022-36228.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36228",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T21:15:09.850",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:37:26.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,132 @@
"value": "Nokelock Smart padlock O1 versi\u00f3n 5.3.0 es vulnerable a permisos inseguros. Al enviar una solicitud, puede agregar cualquier dispositivo y configurar la contrase\u00f1a del dispositivo en la aplicaci\u00f3n Nokelock."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:janusintl:noke_standard_smart_padlock_firmware:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD7E2BB-06DC-4795-8993-2FF4A65CF5C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:janusintl:noke_standard_smart_padlock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CBCFAF-1E3C-4D23-AB50-E507FAE01B81"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:janusintl:noke_hd_smart_padlock_firmware:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE70B568-0FD5-410F-BE40-8E8C2F287595"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:janusintl:noke_hd_smart_padlock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E583B74-1A27-4436-B437-32AF666E5559"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:janusintl:noke_hd\\+_smart_padlock_firmware:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDB5B2B-82AD-4DD5-A05E-04696B7143AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:janusintl:noke_hd\\+_smart_padlock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2226C90-60C4-468F-9161-0AF6C384DF2D"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/YTrick/59c06611052d3fdae034e7087293bbc0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

87
CVE-2022/CVE-2022-37xx/CVE-2022-3728.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3728",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-09T21:15:09.910",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:37:06.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -50,10 +70,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"matchCriteriaId": "0470C9DD-BF1C-46F8-AC1F-B5571DF2422D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F5560A-10AE-46AE-A609-C8EB9287F779"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"matchCriteriaId": "4A175A81-48BE-4C0F-A0C1-56AB54B778E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C890D81-D9C9-4AEB-A12E-DF79528876CD"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2022/CVE-2022-41xx/CVE-2022-4145.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-4145",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T13:15:09.543",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:38:26.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de suplantaci\u00f3n de contenido en el endpoint OAuth de OpenShift. Esta falla permite que un atacante remoto y no autenticado inyecte texto en una p\u00e1gina web, lo que permite ofuscar una operaci\u00f3n de phishing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4145",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148667",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

163
CVE-2022/CVE-2022-481xx/CVE-2022-48182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48182",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-09T21:15:10.003",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:37:01.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -50,10 +70,147 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"matchCriteriaId": "0470C9DD-BF1C-46F8-AC1F-B5571DF2422D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F5560A-10AE-46AE-A609-C8EB9287F779"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"matchCriteriaId": "4A175A81-48BE-4C0F-A0C1-56AB54B778E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C890D81-D9C9-4AEB-A12E-DF79528876CD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35",
"matchCriteriaId": "FE8BCD7B-DEC5-4138-B24B-4B9F96FC222E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F5560A-10AE-46AE-A609-C8EB9287F779"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35",
"matchCriteriaId": "7644F531-2765-41BB-9AD6-97BC265DE304"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C890D81-D9C9-4AEB-A12E-DF79528876CD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

163
CVE-2022/CVE-2022-481xx/CVE-2022-48183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48183",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-09T21:15:10.080",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:36:54.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -50,10 +70,147 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"matchCriteriaId": "0470C9DD-BF1C-46F8-AC1F-B5571DF2422D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F5560A-10AE-46AE-A609-C8EB9287F779"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"matchCriteriaId": "4A175A81-48BE-4C0F-A0C1-56AB54B778E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C890D81-D9C9-4AEB-A12E-DF79528876CD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35",
"matchCriteriaId": "FE8BCD7B-DEC5-4138-B24B-4B9F96FC222E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F5560A-10AE-46AE-A609-C8EB9287F779"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35",
"matchCriteriaId": "7644F531-2765-41BB-9AD6-97BC265DE304"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C890D81-D9C9-4AEB-A12E-DF79528876CD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-273xx/CVE-2023-27312.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27312",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T19:15:11.537",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are \nsusceptible to a vulnerability which may allow authenticated \nunprivileged users to modify email and snapshot name settings within the\n VMware vSphere user interface.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230713-0001/",
"source": "security-alert@netapp.com"
}
]
}

55
CVE-2023/CVE-2023-273xx/CVE-2023-27313.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27313",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T19:15:11.653",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a \nvulnerability which may allow an authenticated unprivileged user to gain\n access as an admin user.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230713-0002/",
"source": "security-alert@netapp.com"
}
]
}

55
CVE-2023/CVE-2023-273xx/CVE-2023-27314.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27314",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T19:15:11.747",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20231009-0001/",
"source": "security-alert@netapp.com"
}
]
}

6
CVE-2023/CVE-2023-273xx/CVE-2023-27395.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27395",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.583",
"lastModified": "2023-10-12T17:15:09.693",
"lastModified": "2023-10-12T18:15:09.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -54,10 +54,6 @@
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1735",
"source": "talos-cna@cisco.com"
}
]
}

14
CVE-2023/CVE-2023-293xx/CVE-2023-29338.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-29338",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.900",
"lastModified": "2023-05-16T15:22:50.140",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-12T19:15:11.897",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Visual Studio Code Information Disclosure Vulnerability"
"value": "Visual Studio Code Spoofing Vulnerability"
}
],
"metrics": {
@ -17,20 +17,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
"impactScore": 5.2
}
]
},

15
CVE-2023/CVE-2023-376xx/CVE-2023-37637.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-37637",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T18:15:10.140",
"lastModified": "2023-10-12T18:15:10.140",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-38817. Reason: This record is a reservation duplicate of CVE-2023-38817. Notes: All CVE users should reference CVE-2023-38817 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}

76
CVE-2023/CVE-2023-379xx/CVE-2023-37935.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37935",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.267",
"lastModified": "2023-10-10T17:52:09.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:59:17.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services."
},
{
"lang": "es",
"value": "Un uso del m\u00e9todo de solicitud GET con vulnerabilidad de cadenas de consulta confidenciales en Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 y 7.4.0 permite a un atacante ver contrase\u00f1as en texto plano de servicios remotos como RDP o VNC, si el atacante puede leer las solicitudes GET de esos servicios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +58,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.12",
"matchCriteriaId": "BA582D59-C740-4AE7-83CA-C09A1D0EDA88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.5",
"matchCriteriaId": "A6E44123-995C-4E08-84B5-FF8C76B67B29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-120",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41659.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41659",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T15:15:14.123",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:18:13.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <=\u00a02.3.10 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jules Colle, complemento BDWM Responsive Gallery Grid en versiones &lt;= 2.3.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bdwm:responsive_gallery_grid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.10",
"matchCriteriaId": "BE296DBD-3F50-4AFC-A637-3CC23C454439"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/responsive-gallery-grid/wordpress-responsive-gallery-grid-plugin-2-3-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-416xx/CVE-2023-41684.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41684",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T07:15:11.577",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:41:06.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:felixwelberg:sis_handball:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.45",
"matchCriteriaId": "2D417523-6EB1-40EC-B723-08AFB8865FB8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sis-handball/wordpress-sis-handball-plugin-1-0-45-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-416xx/CVE-2023-41694.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41694",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T08:15:10.907",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:42:03.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realbig:realbig:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "EBA19D91-DA09-4932-9AD2-BAAA41A9C23E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-418xx/CVE-2023-41850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41850",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T09:15:09.737",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:05:21.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sparro:outbound_link_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "D458FA4E-E074-4644-9C9A-C094EB045E82"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/outbound-link-manager/wordpress-outbound-link-manager-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-418xx/CVE-2023-41851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41851",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T09:15:09.833",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:04:02.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dotsquares:wp_custom_post_template:1.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "553C56C6-C239-4E0A-9AB5-629D2152C842"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-custom-post-template/wordpress-wp-custom-post-template-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41852",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T09:15:09.917",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:58:57.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mailmunch:mailmunch:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "BE827FA3-9E33-4E85-8BB2-1D613632E048"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailmunch/wordpress-mailmunch-grow-your-email-list-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-418xx/CVE-2023-41853.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41853",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T09:15:09.997",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:55:48.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpicalavailability:wp_ical_availability:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "440D0526-6006-4831-B3DF-0C73F5B9C4BD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-ical-availability/wordpress-wp-ical-availability-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-431xx/CVE-2023-43147.json
View File

@ -2,18 +2,18 @@
"id": "CVE-2023-43147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T16:15:12.100",
"lastModified": "2023-10-12T16:52:07.503",
"lastModified": "2023-10-12T18:15:10.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI."
"value": "PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43148",
"url": "https://github.com/MinoTauro2020/CVE-2023-43147/",
"source": "cve@mitre.org"
}
]

20
CVE-2023/CVE-2023-431xx/CVE-2023-43148.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43148",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T19:15:12.013",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43148",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-431xx/CVE-2023-43149.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43149",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T18:15:10.943",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43149",
"source": "cve@mitre.org"
}
]
}

76
CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-43615",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-07T01:15:10.783",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:16:08.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow."
},
{
"lang": "es",
"value": "Mbed TLS 2.x anterior a 2.28.5 y 3.x anterior a 3.5.0 tiene un desbordamiento de b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.28.5",
"matchCriteriaId": "347A4D68-3906-4824-BD5D-AEE79AA5D283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "4C6C09E2-9697-4C1B-B7AE-C78FB01E9FD8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-437xx/CVE-2023-43785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43785",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:21.877",
"lastModified": "2023-10-12T12:15:10.407",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T19:03:12.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,14 +58,86 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.7",
"matchCriteriaId": "52C64065-5AE9-463F-9500-CEBE3BA0C275"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-43785",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-442xx/CVE-2023-44241.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44241",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T14:15:10.617",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:09:34.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <=\u00a01.4.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Keap Keap Landing Pages en versiones &lt;= 1.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:keap:keap_landing_pages:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.2",
"matchCriteriaId": "8FB3430D-D4D2-4353-80CA-18B7B5E415E0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/infusionsoft-landing-pages/wordpress-keap-landing-pages-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-444xx/CVE-2023-44467.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T20:15:10.480",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:37:32.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "langchain_experimental 0.0.14 permite a un atacante omitir la correcci\u00f3n CVE-2023-36258 y ejecutar c\u00f3digo arbitrario a trav\u00e9s de PALChain en el m\u00e9todo python exec."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:langchain:langchain_experimental:0.0.14:*:*:*:*:python:*:*",
"matchCriteriaId": "6E2A46AF-C374-4305-BCF3-A1DFFBB080F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-444xx/CVE-2023-44470.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44470",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T14:15:10.797",
"lastModified": "2023-10-10T14:58:46.263",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:50:34.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <=\u00a01.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Kvvaradha Kv TinyMCE Editor Add Fonts en versiones &lt;= 1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kvvaradha:kv_tinymce_editor_add_fonts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "EE59461C-2E68-479C-98B0-7898BE2542D9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kv-tinymce-editor-fonts/wordpress-kv-tinymce-editor-add-fonts-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-444xx/CVE-2023-44471.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44471",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.243",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:47:22.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <=\u00a02.1.10 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento de Bernhard Kau Backend Localization en versiones &lt;= 2.1.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kau-boys:backend_localization:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.10",
"matchCriteriaId": "58FFE8D8-B192-4D9D-80DE-C34FBCC769C0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kau-boys-backend-localization/wordpress-backend-localization-plugin-2-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-444xx/CVE-2023-44475.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44475",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.320",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:42:15.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=\u00a02.0.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Michael Simpson Add Shortcodes Actions And Filters en versiones &lt;= 2.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:msimpson:add_shortcodes_actions_and_filters:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.9",
"matchCriteriaId": "5E81FAE2-7C91-4B59-93CA-6306500CE609"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-444xx/CVE-2023-44476.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44476",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.397",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:26:41.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <=\u00a02.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Andres Felipe Perea V. CopyRightPro en versiones &lt;= 2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-copyrightpro:wp-copyrightpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1",
"matchCriteriaId": "CC271B6C-716B-411D-9FBE-5A1F2EB97487"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/copyrightpro/wordpress-copyrightpro-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

34
CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-11T22:15:10.140",
"lastModified": "2023-10-12T18:15:11.437",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
@ -88,6 +88,14 @@
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Azure/AKS/issues/3947",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Kong/kong/discussions/11741",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
"source": "cve@mitre.org"
@ -100,10 +108,18 @@
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/akka/akka-http/issues/4323",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/apache/apisix/issues/10320",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/apache/httpd-site/pull/10",
"source": "cve@mitre.org"
@ -120,6 +136,10 @@
"url": "https://github.com/apache/trafficserver/pull/10564",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487",
"source": "cve@mitre.org"
@ -228,6 +248,10 @@
"url": "https://github.com/nodejs/node/pull/50121",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/openresty/openresty/issues/930",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474",
"source": "cve@mitre.org"
@ -308,6 +332,10 @@
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
"source": "cve@mitre.org"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
"source": "cve@mitre.org"
@ -340,6 +368,10 @@
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
"source": "cve@mitre.org"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"source": "cve@mitre.org"

51
CVE-2023/CVE-2023-449xx/CVE-2023-44994.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44994",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T15:15:10.607",
"lastModified": "2023-10-10T15:47:36.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:16:51.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <=\u00a01.9.8 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Bainternet ShortCodes UI en versiones &lt;= 1.9.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bainternet:shortcodes_ui:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.8",
"matchCriteriaId": "0CA9A774-1FA0-46A0-B36A-DED1AA7EA9C0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcodes-ui/wordpress-shortcodes-ui-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-449xx/CVE-2023-44995.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44995",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-10T16:15:10.177",
"lastModified": "2023-10-10T16:37:27.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:13:44.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <=\u00a02.2.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WP Doctor WooCommerce Login Redirect en versiones &lt;= 2.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdoctor:woocommerce_login_redirect:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.4",
"matchCriteriaId": "813E543D-2E03-45B2-9E93-B77C2A5E2578"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-login-redirect/wordpress-woocommerce-login-redirect-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-451xx/CVE-2023-45133.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45133",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.797",
"lastModified": "2023-10-12T17:15:09.797",
"vulnStatus": "Received",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45138.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.900",
"lastModified": "2023-10-12T17:15:09.900",
"vulnStatus": "Received",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45142.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45142",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.990",
"lastModified": "2023-10-12T17:15:09.990",
"vulnStatus": "Received",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-451xx/CVE-2023-45143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45143",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:10.087",
"lastModified": "2023-10-12T17:15:10.087",
"vulnStatus": "Received",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2023/CVE-2023-451xx/CVE-2023-45199.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-45199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-07T01:15:10.840",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:19:39.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution."
},
{
"lang": "es",
"value": "Mbed TLS 3.2.x a 3.4.x anterior a 3.5 tiene un desbordamiento de b\u00fafer que puede provocar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "4E43BC28-A15D-4D6B-9B1C-67FEF4132FAC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-453xx/CVE-2023-45303.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T19:15:13.040",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:10:31.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint)."
},
{
"lang": "es",
"value": "ThingsBoard anterior a 3.5 permite la inyecci\u00f3n de plantillas del lado del servidor si los usuarios pueden modificar una plantilla de correo electr\u00f3nico, porque Apache FreeMarker admite freemarker.template.utility.Execute (para contenido enviado al endpoint /api/admin/settings)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thingsboard:thingsboard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5",
"matchCriteriaId": "2E17FF63-D652-48D6-A794-4B1BFE246910"
}
]
}
]
}
],
"references": [
{
"url": "https://freemarker.apache.org/docs/api/freemarker/template/utility/Execute.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0010/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

93
CVE-2023/CVE-2023-453xx/CVE-2023-45349.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45349",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:50.070",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:36:42.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,98 @@
"value": "Atos Unify OpenScape 4000 Assistant V10 R1 antes de V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 antes de V10 R1.34.7, 4000 Manager V10 R1.42.0 y 4000 Manager V10 R0 exponen informaci\u00f3n confidencial que puede permitir el movimiento lateral al sistema de respaldo a trav\u00e9s de AShbr. Esto tambi\u00e9n se conoce como OSFOURK-23722."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "663FE8C5-3827-4B6D-A598-247D071DB0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "F1AE8D88-E490-4426-8259-04F65409A2F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1.42.0:*:*:*:*:*:*",
"matchCriteriaId": "752547E5-1A9D-4C48-A220-0B6EE31B841F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "A81CFBD0-39E6-4CF2-80DA-1785A6625C8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "EEB266EB-67B7-4007-A942-D64DB746BB2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1.42.0:*:*:*:*:*:*",
"matchCriteriaId": "AF414BF3-6978-4A50-B2E4-0B7F6088AD53"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

73
CVE-2023/CVE-2023-453xx/CVE-2023-45350.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45350",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:53.527",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:36:32.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Atos Unify OpenScape 4000 Manager V10 R1 anterior a V10 R1.42.1 y 4000 Manager V10 R0 permiten una escalada de privilegios que puede llevar a que un atacante autenticado pueda ejecutar c\u00f3digo arbitrario a trav\u00e9s de AScm. Esto tambi\u00e9n se conoce como OSFOURK-24034."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "A81CFBD0-39E6-4CF2-80DA-1785A6625C8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "EEB266EB-67B7-4007-A942-D64DB746BB2E"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

83
CVE-2023/CVE-2023-453xx/CVE-2023-45351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45351",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:53.947",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:36:25.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Atos Unify OpenScape 4000 Assistant V10 R1 anterior a V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 anterior a V10 R1.42.1 y 4000 Manager V10 R0 permiten la inyecci\u00f3n de comandos autenticados a trav\u00e9s de AShbr. Esto tambi\u00e9n se conoce como OSFOURK-24039."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "663FE8C5-3827-4B6D-A598-247D071DB0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "F1AE8D88-E490-4426-8259-04F65409A2F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "A81CFBD0-39E6-4CF2-80DA-1785A6625C8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "EEB266EB-67B7-4007-A942-D64DB746BB2E"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

68
CVE-2023/CVE-2023-453xx/CVE-2023-45352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45352",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:54.260",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:36:15.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Atos Unify OpenScape Common Management Portal V10 anterior a V10 R4.17.0 y V10 R5.1.0 permite a un atacante autenticado ejecutar c\u00f3digo arbitrario en el sistema operativo a trav\u00e9s de una interfaz web del Common Management Portal. Vulnerabilidad de path traversal que permite el acceso de escritura fuera de las carpetas deseadas. Esto tambi\u00e9n se conoce como OCMP-6592."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_common_management:10:-:*:*:*:*:*:*",
"matchCriteriaId": "3FAFA13F-9CC4-4F48-8CE0-ECA83EB2EB9A"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2306-02.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

68
CVE-2023/CVE-2023-453xx/CVE-2023-45353.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:54.607",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:35:55.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Atos Unify OpenScape Common Management Portal V10 anterior a V10 R4.17.0 y V10 R5.1.0 permite a un atacante autenticado ejecutar c\u00f3digo arbitrario en el sistema operativo aprovechando la interfaz web del Common Management Portal para carga remota autenticada y creaci\u00f3n de archivos arbitrarios que afectan el sistema operativo subyacente. Esto tambi\u00e9n se conoce como OCMP-6591."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_common_management:10:-:*:*:*:*:*:*",
"matchCriteriaId": "3FAFA13F-9CC4-4F48-8CE0-ECA83EB2EB9A"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2306-02.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

68
CVE-2023/CVE-2023-453xx/CVE-2023-45354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:54.987",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:35:46.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "Atos Unify OpenScape Common Management Portal V10 anterior a V10 R4.17.0 y V10 R5.1.0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario en el sistema operativo utilizando la interfaz web del Common Management Portal. Esto tambi\u00e9n se conoce como OCMP-6589."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_common_management:10:-:*:*:*:*:*:*",
"matchCriteriaId": "3FAFA13F-9CC4-4F48-8CE0-ECA83EB2EB9A"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2306-02.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/857003738/unify-openscape-common-management-platform-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-update-zu-bekannten-schwachstellen-und-sicherheitsluecken-vom-03-07-2023/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

73
CVE-2023/CVE-2023-453xx/CVE-2023-45355.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:55.350",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:35:37.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Atos Unify OpenScape 4000 Platform V10 R1 antes del Hotfix V10 R1.42.2 y 4000 y Manager Platform V10 R1 antes del Hotfix V10 R1.42.2 permiten la inyecci\u00f3n de comandos por parte de un atacante autenticado en el sistema operativo de la plataforma, lo que conduce al acceso administrativo a trav\u00e9s del servicio web. Esto tambi\u00e9n se conoce como OSFOURK-24120."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "F1AE8D88-E490-4426-8259-04F65409A2F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*",
"matchCriteriaId": "EEB266EB-67B7-4007-A942-D64DB746BB2E"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2308-02.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/857079218/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

73
CVE-2023/CVE-2023-453xx/CVE-2023-45356.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45356",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T04:15:55.667",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:35:22.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Atos Unify OpenScape 4000 Platform V10 R1 antes del Hotfix V10 R1.42.2 4000 y Manager Platform V10 R1 antes del Hotfix V10 R1.42.2 permiten la inyecci\u00f3n de comandos por parte de un atacante autenticado en el sistema operativo de la plataforma, lo que conduce al acceso administrativo, a trav\u00e9s de las p\u00e1ginas dtb del portal de la plataforma. Esto tambi\u00e9n se conoce como OSFOURK-23719."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "663FE8C5-3827-4B6D-A598-247D071DB0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*",
"matchCriteriaId": "A81CFBD0-39E6-4CF2-80DA-1785A6625C8E"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2308-02.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.news.de/technik/857079218/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
}
]
}

62
CVE-2023/CVE-2023-45xx/CVE-2023-4570.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4570",
"sourceIdentifier": "security@ni.com",
"published": "2023-10-05T16:15:12.357",
"lastModified": "2023-10-05T16:22:20.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:38:41.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service\u00a0Python package and all previous versions.\n"
},
{
"lang": "es",
"value": "Una restricci\u00f3n de acceso inadecuada en los servicios de NI MeasurementLink Python podr\u00eda permitir que un atacante en una red adyacente acceda a servicios expuestos en localhost. Anteriormente se pensaba que estos servicios eran inalcanzables fuera del nodo. Esto afecta a los complementos de medici\u00f3n escritos en Python que utilizan la versi\u00f3n 1.1.0 del paquete Python ni-measurementlink-service y todas las versiones anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@ni.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@ni.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ni:measurementlink:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.1.1",
"matchCriteriaId": "8731F703-66B3-41C9-BA87-1563482F6AE5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html",
"source": "security@ni.com"
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-50xx/CVE-2023-5072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5072",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-12T17:15:10.187",
"lastModified": "2023-10-12T17:15:10.187",
"vulnStatus": "Received",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

71
CVE-2023/CVE-2023-53xx/CVE-2023-5330.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5330",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-10-09T11:15:11.197",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T18:31:55.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.8.11",
"matchCriteriaId": "714E3E9F-A35A-456F-B198-C1CBD09169C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.3",
"matchCriteriaId": "135D194F-2285-4EB4-9963-5BCB97F6BC6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.2",
"matchCriteriaId": "AC20942B-35AD-4EF5-8878-6E112865E3D5"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-53xx/CVE-2023-5331.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5331",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-10-09T11:15:11.280",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T18:31:39.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.8.11",
"matchCriteriaId": "714E3E9F-A35A-456F-B198-C1CBD09169C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.3",
"matchCriteriaId": "135D194F-2285-4EB4-9963-5BCB97F6BC6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.2",
"matchCriteriaId": "AC20942B-35AD-4EF5-8878-6E112865E3D5"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-53xx/CVE-2023-5333.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5333",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-10-09T11:15:11.363",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-12T18:35:58.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.8.11",
"matchCriteriaId": "714E3E9F-A35A-456F-B198-C1CBD09169C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.3",
"matchCriteriaId": "135D194F-2285-4EB4-9963-5BCB97F6BC6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.2",
"matchCriteriaId": "AC20942B-35AD-4EF5-8878-6E112865E3D5"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-54xx/CVE-2023-5460.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5460",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-09T19:15:10.543",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:38:00.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deltaww:wplsoft:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndIncluding": "2.51",
"matchCriteriaId": "A302AEC1-BDED-480D-81F3-9BC06D78F70B"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.241583",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.241583",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

55
CVE-2023/CVE-2023-54xx/CVE-2023-5468.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5468",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-10T05:15:09.550",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T19:11:08.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leechesnutt:slick_contact_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.7",
"matchCriteriaId": "9921A503-6545-4F2B-AE5D-AC2089983DB0"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/slick-contact-forms/tags/1.3.7/dcwp_slick_contact.php#L71",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22c63226-2bc6-40be-a5d1-1bd169fc78b8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-54xx/CVE-2023-5471.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5471",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-10T01:15:10.400",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:54:46.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:farmacia_project:farmacia:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D380C1FE-6094-48EE-8E25-BFFCB798D54B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/miziha6/cve/blob/main/Farmacia%20System.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.241608",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.241608",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-55xx/CVE-2023-5511.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5511",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-11T01:15:08.887",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-12T18:02:36.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"matchCriteriaId": "C80376C2-1F06-4F40-80C7-A22721890E8F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

81
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-12T18:00:24.510144+00:00
2023-10-12T20:00:24.468329+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-12T17:54:21.100000+00:00
2023-10-12T19:59:17.273000+00:00
```
### Last Data Feed Release
@ -29,59 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227680
227686
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `6`
* [CVE-2023-22308](CVE-2023/CVE-2023-223xx/CVE-2023-22308.json) (`2023-10-12T16:15:09.967`)
* [CVE-2023-22325](CVE-2023/CVE-2023-223xx/CVE-2023-22325.json) (`2023-10-12T16:15:10.283`)
* [CVE-2023-23581](CVE-2023/CVE-2023-235xx/CVE-2023-23581.json) (`2023-10-12T16:15:10.937`)
* [CVE-2023-25774](CVE-2023/CVE-2023-257xx/CVE-2023-25774.json) (`2023-10-12T16:15:11.297`)
* [CVE-2023-27516](CVE-2023/CVE-2023-275xx/CVE-2023-27516.json) (`2023-10-12T16:15:11.670`)
* [CVE-2023-31192](CVE-2023/CVE-2023-311xx/CVE-2023-31192.json) (`2023-10-12T16:15:11.760`)
* [CVE-2023-32275](CVE-2023/CVE-2023-322xx/CVE-2023-32275.json) (`2023-10-12T16:15:11.840`)
* [CVE-2023-32634](CVE-2023/CVE-2023-326xx/CVE-2023-32634.json) (`2023-10-12T16:15:11.920`)
* [CVE-2023-43147](CVE-2023/CVE-2023-431xx/CVE-2023-43147.json) (`2023-10-12T16:15:12.100`)
* [CVE-2023-27395](CVE-2023/CVE-2023-273xx/CVE-2023-27395.json) (`2023-10-12T16:15:11.583`)
* [CVE-2023-45133](CVE-2023/CVE-2023-451xx/CVE-2023-45133.json) (`2023-10-12T17:15:09.797`)
* [CVE-2023-45138](CVE-2023/CVE-2023-451xx/CVE-2023-45138.json) (`2023-10-12T17:15:09.900`)
* [CVE-2023-45142](CVE-2023/CVE-2023-451xx/CVE-2023-45142.json) (`2023-10-12T17:15:09.990`)
* [CVE-2023-45143](CVE-2023/CVE-2023-451xx/CVE-2023-45143.json) (`2023-10-12T17:15:10.087`)
* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-10-12T17:15:10.187`)
* [CVE-2023-37637](CVE-2023/CVE-2023-376xx/CVE-2023-37637.json) (`2023-10-12T18:15:10.140`)
* [CVE-2023-43149](CVE-2023/CVE-2023-431xx/CVE-2023-43149.json) (`2023-10-12T18:15:10.943`)
* [CVE-2023-27312](CVE-2023/CVE-2023-273xx/CVE-2023-27312.json) (`2023-10-12T19:15:11.537`)
* [CVE-2023-27313](CVE-2023/CVE-2023-273xx/CVE-2023-27313.json) (`2023-10-12T19:15:11.653`)
* [CVE-2023-27314](CVE-2023/CVE-2023-273xx/CVE-2023-27314.json) (`2023-10-12T19:15:11.747`)
* [CVE-2023-43148](CVE-2023/CVE-2023-431xx/CVE-2023-43148.json) (`2023-10-12T19:15:12.013`)
### CVEs modified in the last Commit
Recently modified CVEs: `53`
Recently modified CVEs: `57`
* [CVE-2023-21244](CVE-2023/CVE-2023-212xx/CVE-2023-21244.json) (`2023-10-12T16:46:48.953`)
* [CVE-2023-41854](CVE-2023/CVE-2023-418xx/CVE-2023-41854.json) (`2023-10-12T17:07:32.377`)
* [CVE-2023-40556](CVE-2023/CVE-2023-405xx/CVE-2023-40556.json) (`2023-10-12T17:08:39.293`)
* [CVE-2023-35349](CVE-2023/CVE-2023-353xx/CVE-2023-35349.json) (`2023-10-12T17:14:18.920`)
* [CVE-2023-36431](CVE-2023/CVE-2023-364xx/CVE-2023-36431.json) (`2023-10-12T17:14:47.200`)
* [CVE-2023-36433](CVE-2023/CVE-2023-364xx/CVE-2023-36433.json) (`2023-10-12T17:15:55.900`)
* [CVE-2023-44238](CVE-2023/CVE-2023-442xx/CVE-2023-44238.json) (`2023-10-12T17:18:06.573`)
* [CVE-2023-45244](CVE-2023/CVE-2023-452xx/CVE-2023-45244.json) (`2023-10-12T17:23:47.253`)
* [CVE-2023-45239](CVE-2023/CVE-2023-452xx/CVE-2023-45239.json) (`2023-10-12T17:26:02.740`)
* [CVE-2023-36434](CVE-2023/CVE-2023-364xx/CVE-2023-36434.json) (`2023-10-12T17:26:25.127`)
* [CVE-2023-40299](CVE-2023/CVE-2023-402xx/CVE-2023-40299.json) (`2023-10-12T17:32:03.607`)
* [CVE-2023-5366](CVE-2023/CVE-2023-53xx/CVE-2023-5366.json) (`2023-10-12T17:40:07.343`)
* [CVE-2023-5218](CVE-2023/CVE-2023-52xx/CVE-2023-5218.json) (`2023-10-12T17:48:12.617`)
* [CVE-2023-5473](CVE-2023/CVE-2023-54xx/CVE-2023-5473.json) (`2023-10-12T17:48:36.180`)
* [CVE-2023-5474](CVE-2023/CVE-2023-54xx/CVE-2023-5474.json) (`2023-10-12T17:48:55.820`)
* [CVE-2023-5475](CVE-2023/CVE-2023-54xx/CVE-2023-5475.json) (`2023-10-12T17:49:18.290`)
* [CVE-2023-36435](CVE-2023/CVE-2023-364xx/CVE-2023-36435.json) (`2023-10-12T17:50:44.660`)
* [CVE-2023-36126](CVE-2023/CVE-2023-361xx/CVE-2023-36126.json) (`2023-10-12T17:51:05.700`)
* [CVE-2023-36570](CVE-2023/CVE-2023-365xx/CVE-2023-36570.json) (`2023-10-12T17:51:16.540`)
* [CVE-2023-44246](CVE-2023/CVE-2023-442xx/CVE-2023-44246.json) (`2023-10-12T17:52:33.000`)
* [CVE-2023-44240](CVE-2023/CVE-2023-442xx/CVE-2023-44240.json) (`2023-10-12T17:53:06.413`)
* [CVE-2023-44473](CVE-2023/CVE-2023-444xx/CVE-2023-44473.json) (`2023-10-12T17:53:16.280`)
* [CVE-2023-44993](CVE-2023/CVE-2023-449xx/CVE-2023-44993.json) (`2023-10-12T17:53:25.957`)
* [CVE-2023-45612](CVE-2023/CVE-2023-456xx/CVE-2023-45612.json) (`2023-10-12T17:53:41.813`)
* [CVE-2023-45613](CVE-2023/CVE-2023-456xx/CVE-2023-45613.json) (`2023-10-12T17:54:21.100`)
* [CVE-2023-4570](CVE-2023/CVE-2023-45xx/CVE-2023-4570.json) (`2023-10-12T18:38:41.030`)
* [CVE-2023-41684](CVE-2023/CVE-2023-416xx/CVE-2023-41684.json) (`2023-10-12T18:41:06.240`)
* [CVE-2023-41694](CVE-2023/CVE-2023-416xx/CVE-2023-41694.json) (`2023-10-12T18:42:03.957`)
* [CVE-2023-5471](CVE-2023/CVE-2023-54xx/CVE-2023-5471.json) (`2023-10-12T18:54:46.000`)
* [CVE-2023-41853](CVE-2023/CVE-2023-418xx/CVE-2023-41853.json) (`2023-10-12T18:55:48.830`)
* [CVE-2023-41852](CVE-2023/CVE-2023-418xx/CVE-2023-41852.json) (`2023-10-12T18:58:57.587`)
* [CVE-2023-43785](CVE-2023/CVE-2023-437xx/CVE-2023-43785.json) (`2023-10-12T19:03:12.133`)
* [CVE-2023-41851](CVE-2023/CVE-2023-418xx/CVE-2023-41851.json) (`2023-10-12T19:04:02.990`)
* [CVE-2023-41850](CVE-2023/CVE-2023-418xx/CVE-2023-41850.json) (`2023-10-12T19:05:21.280`)
* [CVE-2023-44241](CVE-2023/CVE-2023-442xx/CVE-2023-44241.json) (`2023-10-12T19:09:34.853`)
* [CVE-2023-5468](CVE-2023/CVE-2023-54xx/CVE-2023-5468.json) (`2023-10-12T19:11:08.780`)
* [CVE-2023-44995](CVE-2023/CVE-2023-449xx/CVE-2023-44995.json) (`2023-10-12T19:13:44.993`)
* [CVE-2023-29338](CVE-2023/CVE-2023-293xx/CVE-2023-29338.json) (`2023-10-12T19:15:11.897`)
* [CVE-2023-44994](CVE-2023/CVE-2023-449xx/CVE-2023-44994.json) (`2023-10-12T19:16:51.850`)
* [CVE-2023-41659](CVE-2023/CVE-2023-416xx/CVE-2023-41659.json) (`2023-10-12T19:18:13.650`)
* [CVE-2023-44476](CVE-2023/CVE-2023-444xx/CVE-2023-44476.json) (`2023-10-12T19:26:41.407`)
* [CVE-2023-44475](CVE-2023/CVE-2023-444xx/CVE-2023-44475.json) (`2023-10-12T19:42:15.347`)
* [CVE-2023-45133](CVE-2023/CVE-2023-451xx/CVE-2023-45133.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-45138](CVE-2023/CVE-2023-451xx/CVE-2023-45138.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-45142](CVE-2023/CVE-2023-451xx/CVE-2023-45142.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-45143](CVE-2023/CVE-2023-451xx/CVE-2023-45143.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-5072](CVE-2023/CVE-2023-50xx/CVE-2023-5072.json) (`2023-10-12T19:42:47.127`)
* [CVE-2023-44471](CVE-2023/CVE-2023-444xx/CVE-2023-44471.json) (`2023-10-12T19:47:22.937`)
* [CVE-2023-44470](CVE-2023/CVE-2023-444xx/CVE-2023-44470.json) (`2023-10-12T19:50:34.870`)
* [CVE-2023-37935](CVE-2023/CVE-2023-379xx/CVE-2023-37935.json) (`2023-10-12T19:59:17.273`)
## Download and Usage