Auto-Update: 2023-09-29T20:00:24.629808+00:00

cad-safe-bot 2023-09-29 20:00:28 +00:00
parent b8e3ba1d22
commit 84255e4f0d
55 changed files with 3618 additions and 241 deletions


@ -2,8 +2,8 @@
"id": "CVE-2021-29390",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.237",
"lastModified": "2023-09-21T03:15:09.487",
"vulnStatus": "Modified",
"lastModified": "2023-09-29T18:25:54.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
@ -65,6 +65,31 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
@ -72,28 +97,47 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-23125",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-03-28T19:15:10.507",
"lastModified": "2023-09-29T11:15:02.217",
"vulnStatus": "Modified",
"lastModified": "2023-09-29T18:25:48.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -84,12 +84,36 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
@ -100,7 +124,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5503",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/",


@ -2,16 +2,40 @@
"id": "CVE-2023-0456",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:16:03.167",
"lastModified": "2023-09-27T15:41:59.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:40:56.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en APICast, cuando el m\u00f3dulo OIDC de 3Scale no eval\u00faa adecuadamente la respuesta a un token no coincidente de un dominio separado. Esto podr\u00eda permitir que un atacante pueda acceder a un dominio separado, lo que permitir\u00eda el acceso a informaci\u00f3n no autorizada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:apicast:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.2",
"matchCriteriaId": "0ECB1971-5791-4702-9779-B2A49902275B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:apicast:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.13.0",
"versionEndExcluding": "2.13.2",
"matchCriteriaId": "04C21CEF-979F-4AC0-AD4A-6F4650174279"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0456",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163586",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26218",
"sourceIdentifier": "security@tibco.com",
"published": "2023-09-29T18:15:09.687",
"lastModified": "2023-09-29T18:22:47.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@tibco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com"
}
]
}
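Review bot: The only reference on this new record is the vendor's advisory index, `https://www.tibco.com/services/support/advisories`, not a page for this CVE, so the file gives no direct route to the fix details. It also has no `configurations` block and only the CNA's `Secondary` CVSS entry while `vulnStatus` is `Awaiting Analysis`, so CPE-based matching will not flag TIBCO Nimbus installs from this file yet; the affected range is stated only in the description text (`versions 10.6.0 and below`). The description value ends in `\n\n`, which consumers should trim before display or string comparison.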


@ -2,16 +2,40 @@
"id": "CVE-2023-27616",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.207",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:40:04.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <=\u00a010.6.6 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada No Autenticada en el complemento David F. Carr RSVPMaker en versiones &lt;= 10.6.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "10.6.7",
"matchCriteriaId": "C6586F8F-BEB3-4435-8BE1-C0EACC30EAE4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
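Review bot: The added Spanish description stores an HTML entity inside the JSON string (`en versiones &lt;= 10.6.6`), while the English text of the same record keeps the literal `<=`; this assumes the entity is in the file itself and not an artifact of how this page was rendered. A consumer that HTML-escapes descriptions on output will display `&lt;` verbatim, and one that unescapes entities before rendering turns stored text into markup, so these values are best handled as plain text and escaped exactly once at render time. The same entity appears in the `es` descriptions added for CVE-2023-27617, CVE-2023-27622, CVE-2023-27628 and CVE-2023-28490, and the first three of those also spell the term `Coss-Site Scripting`, which a keyword search for "Cross-Site" will miss.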


@ -2,16 +2,40 @@
"id": "CVE-2023-27617",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.370",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:39:53.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <=\u00a010.6.6 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento David F. Carr RSVPMaker en versiones &lt;= 10.6.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "10.6.7",
"matchCriteriaId": "C6586F8F-BEB3-4435-8BE1-C0EACC30EAE4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-27622",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.623",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:40:15.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <=\u00a01.0.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Abel Ruiz GuruWalk Affiliates en versiones &lt;= 1.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:guruwalk:guruwalk_affiliates:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.0",
"matchCriteriaId": "17522F84-3FB4-41A3-B8C5-88D5EF5CABDC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/guruwalk-affiliates/wordpress-guruwalk-affiliates-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-27628",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:48.993",
"lastModified": "2023-09-27T15:41:47.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:38:01.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <=\u00a01.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Webvitaly Sitekit en versiones &lt;= 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sitekit_project:sitekit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4",
"matchCriteriaId": "4A20F5C6-7295-4D1A-978C-EFAE65B75673"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sitekit/wordpress-sitekit-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-28490",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:49.500",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:37:47.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <=\u00a02.0.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Estatik Estatik Mortgage Calculator &lt;= versiones 2.0.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:estatik:estatik_mortgage_calculator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.7",
"matchCriteriaId": "E3D4815A-99F2-4590-B222-B7222D0BC7A6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/estatik-mortgage-calculator/wordpress-wordpress-mortgage-calculator-estatik-plugin-2-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-34043",
"sourceIdentifier": "security@vmware.com",
"published": "2023-09-27T15:18:52.593",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:22:05.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with administrative access to the local system can escalate privileges to 'root'."
},
{
"lang": "es",
"value": "VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso administrativo al sistema local puede escalar privilegios a \"root\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +58,80 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations:8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "687D71FB-3546-4BCD-8FC1-815BB414243C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations:8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E76E0C75-6ADD-4507-92DD-0E1F79B915FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations:8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97B26BD6-DFDB-462F-8C4A-B08A6E60D4EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations:8.12.0:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "696B20A2-86DE-4C80-9B80-0E2BE7E4B5B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations:8.12.0:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "45A4469B-B86B-41D4-9424-6363DA648898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:aria_operations:8.12.0:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "B4014AE6-C095-49A3-9D30-185E9EF50976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.4",
"matchCriteriaId": "DBED072F-DE79-41C6-AD4F-02E10BD27FBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D640F9-7733-415F-8BA7-DC41658EDC76"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0020.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37941",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-06T14:15:10.483",
"lastModified": "2023-09-29T17:15:46.723",
"vulnStatus": "Modified",
"lastModified": "2023-09-29T18:25:29.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 0.7,
"impactScore": 5.9
},
{
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -64,6 +64,16 @@
"value": "CWE-502"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-39410",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-29T17:15:46.923",
"lastModified": "2023-09-29T17:27:25.983",
"lastModified": "2023-09-29T18:15:09.777",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/6",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds",
"source": "security@apache.org"


@ -2,16 +2,40 @@
"id": "CVE-2023-40375",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-09-28T18:15:11.830",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:47:31.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580."
},
{
"lang": "es",
"value": "El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la l\u00ednea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso root al sistema operativo host. ID de IBM X-Force: 263580."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
}
]
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/263580",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7038748",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
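Review bot: The first reference URL in this record, `https://https://exchange.xforce.ibmcloud.com/vulnerabilities/263580`, carries a doubled scheme, and the new tags mark it `Broken Link` while leaving the string unchanged. Most URL parsers will read the authority of that string as `https` and not as the X-Force host, so anything that fetches or hyperlinks reference URLs from these files should skip entries tagged `Broken Link` and validate the parsed host before use. The value is supplied by the CNA (`psirt@us.ibm.com`), so the correction belongs upstream; the second reference, `https://www.ibm.com/support/pages/node/7038748`, is the usable advisory.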


@ -2,27 +2,114 @@
"id": "CVE-2023-40384",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:04.630",
"lastModified": "2023-09-27T15:41:55.530",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:12:45.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de permisos con una redacci\u00f3n mejorada de informaci\u00f3n sensible. Este problema se solucion\u00f3 en tvOS 17, iOS 17 y iPadOS 17, macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n sensible de ubicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "93620AD0-115A-4F86-B533-76A190AF41A0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41320",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:29.297",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:15:45.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. La gesti\u00f3n de preferencias del dise\u00f1o de la interfaz de usuario se puede secuestrar para provocar una inyecci\u00f3n de SQL. Esta inyecci\u00f3n se puede utilizar para hacerse cargo de una cuenta de administrador. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "AC43FDD9-D833-4957-830E-F6557428DB4E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41321",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:29.423",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:13:40.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. Un usuario de API puede enumerar valores de campos confidenciales en recursos sobre los que tiene acceso de lectura. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.1",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "23C393AA-3C79-4DB5-84A8-755F77583A68"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41322",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:29.553",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:13:00.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. Un usuario con acceso de escritura a otro usuario puede realizar solicitudes para cambiar la contrase\u00f1a de este \u00faltimo y luego tomar el control de su cuenta. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +84,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "B865BE15-CDC8-447A-8601-174134E96250"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41323",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:29.670",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:12:16.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. Un usuario no autenticado puede enumerar los inicios de sesi\u00f3n de los usuarios. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.68",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "9228CBD1-1BD9-4DB5-A48E-3A153C8697A5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41324",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:29.797",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:11:50.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. Un usuario de API que tiene acceso de lectura a los recursos de los usuarios puede robar cuentas de otros usuarios. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "8E2F8428-3592-400E-B687-DAE7E229CD5D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41326",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:29.917",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:10:09.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with stealing its account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. Un usuario que haya iniciado sesi\u00f3n desde cualquier perfil puede secuestrar la funci\u00f3n Kanban para alterar cualquier campo de usuario y terminar robando su cuenta. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "F389BA8D-7F56-4808-BF8E-F2C702097BCA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41888",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:31.013",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:44:13.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Gestionnaire Libre de Parc Informatique (GLPI) es un paquete Gratuito de Software de Gesti\u00f3n de Activos IT, que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. La falta de filtrado de rutas en la URL GLPI puede permitir que un atacante transmita una URL maliciosa de la p\u00e1gina de inicio de sesi\u00f3n que puede usarse para intentar un ataque de phishing a las credenciales del usuario. Se recomienda a los usuarios que actualicen a la versi\u00f3n 10.0.10. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.8",
"versionEndExcluding": "10.0.10",
"matchCriteriaId": "3303452B-893F-4458-8D18-85B2C053FA29"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42453",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:32.453",
"lastModified": "2023-09-27T15:41:20.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:43:41.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Synapse es un servidor dom\u00e9stico Matrix de c\u00f3digo abierto escrito y mantenido por la Fundaci\u00f3n Matrix.org. Los usuarios pod\u00edan falsificar recibos de lectura para cualquier evento (si conoc\u00edan el ID de la sala y el ID del evento). Tenga en cuenta que los usuarios no pudieron ver los eventos, simplemente marcarlos como le\u00eddos. Esto podr\u00eda resultar confuso ya que los clientes mostrar\u00e1n el evento tal como lo ley\u00f3 el usuario, incluso si no est\u00e1n en la sala. Este problema se solucion\u00f3 en la versi\u00f3n 1.93.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.34.0",
"versionEndExcluding": "1.93.0",
"matchCriteriaId": "655B00DF-6A38-4A54-8969-72F83636B4C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/pull/16327",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42460",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:32.543",
"lastModified": "2023-09-27T15:40:54.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:41:31.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626."
},
{
"lang": "es",
"value": "Vyper es un Pythonic Smart Contract Language para EVM. La funci\u00f3n `_abi_decode()` no valida la entrada cuando est\u00e1 anidada en una expresi\u00f3n. Se pueden crear usos de `_abi_decode()` que permitan omitir la verificaci\u00f3n de los l\u00edmites, lo que generar\u00e1 resultados incorrectos. Este problema a\u00fan no se ha solucionado, pero se espera que se solucione en la versi\u00f3n `0.3.10`. Se recomienda a los usuarios que hagan referencia al pull request #3626."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*",
"versionStartIncluding": "0.3.4",
"versionEndExcluding": "0.3.10",
"matchCriteriaId": "0D4639D6-93EE-4697-BEC9-894E9B39A3B4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/pull/3626",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4260",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-09-27T15:19:40.037",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:30:13.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.\n\n\n"
},
{
"lang": "es",
"value": "Posible vulnerabilidad de desbordamiento del b\u00fafer uno por uno en el sistema de archivos del fusible Zephyr."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -35,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-193"
}
]
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -50,10 +88,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.0",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh",
"source": "vulnerabilities@zephyrproject.org"
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4262",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-09-27T15:19:40.137",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:38:26.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Possible buffer overflow\u00a0 in Zephyr mgmt subsystem when asserts are disabled\n\n"
},
{
"lang": "es",
"value": "Posible desbordamiento del b\u00fafer en el subsistema de gesti\u00f3n de Zephyr cuando las afirmaciones est\u00e1n deshabilitadas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.0",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc",
"source": "vulnerabilities@zephyrproject.org"
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4264",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-09-27T15:19:40.230",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:41:13.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.\n\n\n"
},
{
"lang": "es",
"value": "Posibles vulnerabilidades de desbordamiento del b\u00fafer en el subsistema Bluetooth Zephyr."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -54,10 +88,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.0",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j",
"source": "vulnerabilities@zephyrproject.org"
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-43013",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.037",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T19:12:42.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"
},
{
"lang": "es",
"value": "Asset Management System v1.0 es vulnerable a una vulnerabilidad de Inyecci\u00f3n SQL no autenticada en el par\u00e1metro 'email' de la p\u00e1gina index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y omitir el control de inicio de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:asset_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A5C3D-EB26-41B4-8D6A-BE16BE287F05"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/nergal",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-43014",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T22:15:10.203",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:53:50.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Asset Management System v1.0 is vulnerable to\n\nan Authenticated SQL Injection vulnerability\n\non the 'first_name' and 'last_name' parameters\n\nof user.php page, allowing an authenticated\n\nattacker to dump all the contents of the database\n\ncontents.\n\n\n\n"
},
{
"lang": "es",
"value": "Asset Management System v1.0 es vulnerable a una vulnerabilidad de inyecci\u00f3n SQL autenticada en los par\u00e1metros 'first_name' y 'last_name' de la p\u00e1gina user.php, lo que permite a un atacante autenticado volcar todo el contenido de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:asset_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "656A5C3D-EB26-41B4-8D6A-BE16BE287F05"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/gaahl",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-43226",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T20:15:10.880",
"lastModified": "2023-09-28T20:29:46.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:50:22.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en dede/baidunews.php en DedeCMS 5.7.111 y versiones anteriores permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.7.111",
"matchCriteriaId": "7CC8C881-E9BE-4BE6-9B70-FEEE8D3D14D1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zzq66/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,31 +2,99 @@
"id": "CVE-2023-43234",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:33.767",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:50:51.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que DedeBIZ v6.2.11 contiene m\u00faltiples vulnerabilidades de Ejecuci\u00f3n Remota de C\u00f3digo (RCE) en /admin/file_manage_control.php a trav\u00e9s de los par\u00e1metros $activepath y $filename."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedebiz:dedebiz:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1C51EF6C-1405-42FA-B55C-78227DF54694"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://dedebiz.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/yux1azhengye",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/yux1azhengye/mycve/blob/main/DedeBIZ_v6.2.11_RCE.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.dedebiz.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-43263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:33.823",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:07:37.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en Froala Editor v.4.1.1 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente Markdown."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:froala:froala_editor:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB68CF8-9500-4619-B1CF-32FE03ED6B61"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/b0marek/CVE-2023-43263",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=-dXipo_q7tM",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43323",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T20:15:11.107",
"lastModified": "2023-09-28T20:29:46.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:14:51.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]."
},
{
"lang": "es",
"value": "mooSocial 3.1.8 es vulnerable a la interacci\u00f3n de servicios externos en la funci\u00f3n posterior. Cuando se ejecuta, el servidor env\u00eda una solicitud HTTP y DNS al servidor externo. Los par\u00e1metros afectados son m\u00faltiples: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFC6658-3CF4-4FDA-B119-2A0687F3F5A2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-43323",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T14:15:23.883",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:24:00.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS)."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en WBCE v.1.6.1 permite a un atacante local cargar un archivo pdf con Cross Site Scripting (XSS) oculto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wbce:wbce_cms:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A0E2FF-55A5-4954-9B27-1E422DE6EB2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43872",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T14:15:24.320",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:18:42.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS)."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en CMSmadesimple v.2.2.18 permite a un atacante local cargar un archivo pdf con Cross Site Scripting (XSS) oculto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmsmadesimple:cmsmadesimple:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB3581E-8935-4576-B21A-F03A45256E22"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/CMSmadesimple-File-Upload--XSS---File-Manager",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-43873",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T14:15:25.167",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:09:45.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en e017 CMS v.2.3.2 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el Nombre archivado en el Men\u00fa Administrar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107_cms:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2614F838-7116-4C1C-95D4-5F48611FD9B1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/e107-CMS-Stored-XSS---Manage/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-43874",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T14:15:25.783",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:04:52.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu."
},
{
"lang": "es",
"value": "Vulnerabilidad de m\u00faltiples Cross Site Scripting (XSS) en e017 CMS v.2.3.2 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado a en los campos Copyright y Autor en el Men\u00fa Meta y Etiquetas Personalizadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:e107:e107_cms:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2614F838-7116-4C1C-95D4-5F48611FD9B1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/e107-CMS-Stored-XSS---MetaCustomTags/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43876",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T15:15:12.497",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:55:30.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la instalaci\u00f3n de October v.3.4.16 permite a un atacante ejecutar scripts web arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo dbhost."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octobercms:october:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "782B21B1-44BF-4BCD-91B1-84E21706702E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/October-CMS-Reflected-XSS---Installation/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43878",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T15:15:12.573",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:07:05.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu."
},
{
"lang": "es",
"value": "Rite CMS 3.0 tiene m\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) que permiten a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en los Elementos del Men\u00fa Principal del Men\u00fa de Administraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ritecms:ritecms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5685F4C3-7F88-4548-98F0-93E731778DBE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/RiteCMS-Stored-XSS---MainMenu/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4316",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.313",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:58:57.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails\n\n\n\n"
},
{
"lang": "es",
"value": "Zod en su versi\u00f3n 3.22.2 permite a un atacante realizar una denegaci\u00f3n de servicio mientras valida correos electr\u00f3nicos"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zod:zod:3.22.2:*:*:*:*:node.js:*:*",
"matchCriteriaId": "4BE54383-C209-4101-B3EA-BC832CDAD214"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/swift",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.npmjs.com/package/zod",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-44173",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.250",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T19:12:30.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Movie Ticket Booking System v1.0 is vulnerable to\n\nan authenticated Reflected Cross-Site Scripting vulnerability.\n\n\n\n"
},
{
"lang": "es",
"value": "El Online Movie Ticket Booking System v1.0 es vulnerable a una vulnerabilidad de Cross-Site Scripting reflejado autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/harrison",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-44174",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T22:15:10.787",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:51:03.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Movie Ticket Booking System v1.0 is vulnerable to\n\nan authenticated Stored Cross-Site Scripting vulnerability.\n\n\n\n"
},
{
"lang": "es",
"value": "Online Movie Ticket Booking System v1.0 es vulnerable a una vulnerabilidad de Cross-Site Scripting almacenado autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/mccartney",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,130 @@
"id": "CVE-2023-4565",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-27T15:19:40.933",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T19:48:19.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de permisos de transmisi\u00f3n en el m\u00f3dulo de framework. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que la funci\u00f3n de hotspot no est\u00e9 disponible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,31 +2,124 @@
"id": "CVE-2023-5168",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-27T15:19:42.067",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:44:04.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3."
},
{
"lang": "es",
"value": "Un proceso de contenido comprometido podr\u00eda haber proporcionado datos maliciosos a `FilterNodeD2D1`, lo que habr\u00eda resultado en una escritura fuera de los l\u00edmites, lo que habr\u00eda provocado una falla potencialmente explotable en un proceso privilegiado. Esta vulnerabilidad afecta a Firefox &lt; 118, Firefox ESR &lt; 115.3 y Thunderbird &lt; 115.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118",
"matchCriteriaId": "2216A424-94E2-45E7-BB95-646BFC8182E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3",
"matchCriteriaId": "EED826DF-6AB2-4D04-A4FC-A90EFDCB5EB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3",
"matchCriteriaId": "3ED03DF1-442F-4750-84BF-8C37C606843A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846683",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-41/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-42/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-43/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}
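Review bot: The added Spanish description in the CVE-2023-5168 record stores HTML entities, `Firefox &lt; 118, Firefox ESR &lt; 115.3 y Thunderbird &lt; 115.3`, while the English value in the same record keeps a literal `<`. A JSON string should hold the raw text and leave escaping to whatever renders it, so the value should read `Firefox < 118, Firefox ESR < 115.3 y Thunderbird < 115.3`. As written, a consumer that escapes on output will display the entity text verbatim, and one that treats the field as pre-escaped HTML ends up trusting feed text as markup. The entities presumably come from the upstream translation step, so the durable fix is to decode them once on ingestion and report the record upstream, not to patch this file by hand.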


@ -2,16 +2,40 @@
"id": "CVE-2023-5185",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.507",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T18:54:59.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gym Management System Project v1.0 is vulnerable to\n\nan Insecure File Upload vulnerability on the 'file'\n\nparameter of profile/i.php page, allowing an\n\nauthenticated attacker to obtain Remote Code Execution\n\non the server hosting the application.\n\n\n\n"
},
{
"lang": "es",
"value": "Gym Management System Project v1.0 es vulnerable a una vulnerabilidad de Carga de Archivos Insegura en el par\u00e1metro 'file' de la p\u00e1gina perfil/i.php, lo que permite a un atacante autenticado obtener la Ejecuci\u00f3n Remota de C\u00f3digo en el servidor que aloja la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:gym_management_system_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D39DFA-79C2-49EC-8F4D-93B73F38E38C"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/orion",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-5186",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.760",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:30:17.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El use after free en Contrase\u00f1as en Google Chrome anterior a 117.0.5938.132 permit\u00eda a un atacante remoto convencer a un usuario de participar en una interacci\u00f3n de interfaz de usuario espec\u00edfica para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una interacci\u00f3n de interfaz de usuario manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "117.0.5938.132",
"matchCriteriaId": "8F840D02-4766-4644-8FD6-637E945E88FB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1478889",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-5187",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.883",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:32:23.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El use after free en Extensiones de Google Chrome anteriores a 117.0.5938.132 permiti\u00f3 a un atacante convencer a un usuario de instalar una extensi\u00f3n maliciosa para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "117.0.5938.132",
"matchCriteriaId": "8F840D02-4766-4644-8FD6-637E945E88FB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1475798",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
"lastModified": "2023-09-29T15:15:10.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T18:37:00.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,145 @@
"value": "El desbordamiento del b\u00fafer en la codificaci\u00f3n vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmproject:libvpx:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72B4E494-3620-40A9-A47A-EEC189BC2A7E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "117.0.5938.132",
"matchCriteriaId": "8F840D02-4766-4644-8FD6-637E945E88FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "118.0.1",
"matchCriteriaId": "B8EE027E-A8D8-4038-B0C5-3F9ABA3079B6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
"versionEndExcluding": "118.1",
"matchCriteriaId": "C0246068-275F-4D13-93B9-44AD91D2EFFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.3.1",
"matchCriteriaId": "2AAF4C02-0ED7-4AEF-BB14-A0A48DAC3B2E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*",
"versionEndExcluding": "118.1",
"matchCriteriaId": "54F53CD4-5766-401B-8333-1B8937112AD0"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/5",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/6",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1486441",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}
]
}
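Review bot: The libvpx `cpeMatch` entry pins the exact version `1.13.1` with `"vulnerable": true`, while the description names libvpx 1.13.1 next to the Chrome release that carries the fix, which suggests 1.13.1 is the corrected release rather than the affected one. As written, CPE-based matching flags only 1.13.1 and misses earlier libvpx builds; if the description means "prior to 1.13.1", the entry would read `"criteria": "cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*"` with `"versionEndExcluding": "1.13.1"`. The browser entries in the second node are all `"vulnerable": false` under the `AND` operator, so tooling that reports only vulnerable matches will not surface Chrome or Firefox from this record either. This is mirrored NVD data, so any correction belongs upstream; until then, consumers should confirm affected versions against the vendor advisory listed in `references`.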


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5276",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T18:15:09.863",
"lastModified": "2023-09-29T18:22:47.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20downloadable_student.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240904",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240904",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5277",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T18:15:09.963",
"lastModified": "2023-09-29T18:22:47.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240905",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240905",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5278",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T18:15:10.043",
"lastModified": "2023-09-29T18:22:47.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240906 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20login.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240906",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240906",
"source": "cna@vuldb.com"
}
]
}
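Review bot: `privilegesRequired` is `LOW` (and `authentication` is `SINGLE` in the v2 block) although the description places the injection in the `username/password` arguments of `login.php`, which are normally reachable before any session exists. If that reading is right, the CNA vector understates exposure and `PR:N` would raise the base score; the record is still `Awaiting Analysis` and carries only a `Secondary` score from `cna@vuldb.com`, so consumers prioritising on `baseScore` should treat 6.3 as provisional. The description also says "classified as critical" while `baseSeverity` is `MEDIUM`, and the same mismatch appears in the sibling records CVE-2023-5276 through CVE-2023-5282 in this commit, so severity should be read from `cvssData` rather than the free text.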


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5279",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T18:15:10.117",
"lastModified": "2023-09-29T18:22:47.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20my_classmates.php%20%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240907",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240907",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5280",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T18:15:10.187",
"lastModified": "2023-09-29T18:22:47.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240908."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20my_students.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240908",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240908",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5281",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T19:15:09.493",
"lastModified": "2023-09-29T19:15:09.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20remove_inbox_message.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240909",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240909",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5282",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T19:15:09.570",
"lastModified": "2023-09-29T19:15:09.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240910 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20seed_message_student.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240910",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240910",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-29T18:00:25.269975+00:00
2023-09-29T20:00:24.629808+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-29T17:59:31.007000+00:00
2023-09-29T19:48:19.453000+00:00
```
### Last Data Feed Release
@ -29,51 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226617
226625
```
### CVEs added in the last Commit
Recently added CVEs: `8`
* [CVE-2023-5268](CVE-2023/CVE-2023-52xx/CVE-2023-5268.json) (`2023-09-29T16:15:10.617`)
* [CVE-2023-5269](CVE-2023/CVE-2023-52xx/CVE-2023-5269.json) (`2023-09-29T16:15:10.697`)
* [CVE-2023-5270](CVE-2023/CVE-2023-52xx/CVE-2023-5270.json) (`2023-09-29T16:15:10.777`)
* [CVE-2023-5271](CVE-2023/CVE-2023-52xx/CVE-2023-5271.json) (`2023-09-29T16:15:10.853`)
* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-09-29T17:15:46.923`)
* [CVE-2023-3024](CVE-2023/CVE-2023-30xx/CVE-2023-3024.json) (`2023-09-29T17:15:47.043`)
* [CVE-2023-5272](CVE-2023/CVE-2023-52xx/CVE-2023-5272.json) (`2023-09-29T17:15:48.323`)
* [CVE-2023-5273](CVE-2023/CVE-2023-52xx/CVE-2023-5273.json) (`2023-09-29T17:15:48.567`)
* [CVE-2023-26218](CVE-2023/CVE-2023-262xx/CVE-2023-26218.json) (`2023-09-29T18:15:09.687`)
* [CVE-2023-5276](CVE-2023/CVE-2023-52xx/CVE-2023-5276.json) (`2023-09-29T18:15:09.863`)
* [CVE-2023-5277](CVE-2023/CVE-2023-52xx/CVE-2023-5277.json) (`2023-09-29T18:15:09.963`)
* [CVE-2023-5278](CVE-2023/CVE-2023-52xx/CVE-2023-5278.json) (`2023-09-29T18:15:10.043`)
* [CVE-2023-5279](CVE-2023/CVE-2023-52xx/CVE-2023-5279.json) (`2023-09-29T18:15:10.117`)
* [CVE-2023-5280](CVE-2023/CVE-2023-52xx/CVE-2023-5280.json) (`2023-09-29T18:15:10.187`)
* [CVE-2023-5281](CVE-2023/CVE-2023-52xx/CVE-2023-5281.json) (`2023-09-29T19:15:09.493`)
* [CVE-2023-5282](CVE-2023/CVE-2023-52xx/CVE-2023-5282.json) (`2023-09-29T19:15:09.570`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `46`
* [CVE-2022-36227](CVE-2022/CVE-2022-362xx/CVE-2022-36227.json) (`2023-09-29T17:15:46.613`)
* [CVE-2023-43857](CVE-2023/CVE-2023-438xx/CVE-2023-43857.json) (`2023-09-29T16:11:48.360`)
* [CVE-2023-5162](CVE-2023/CVE-2023-51xx/CVE-2023-5162.json) (`2023-09-29T16:13:27.713`)
* [CVE-2023-39308](CVE-2023/CVE-2023-393xx/CVE-2023-39308.json) (`2023-09-29T16:15:10.527`)
* [CVE-2023-44047](CVE-2023/CVE-2023-440xx/CVE-2023-44047.json) (`2023-09-29T16:24:15.493`)
* [CVE-2023-43884](CVE-2023/CVE-2023-438xx/CVE-2023-43884.json) (`2023-09-29T16:27:23.523`)
* [CVE-2023-43331](CVE-2023/CVE-2023-433xx/CVE-2023-43331.json) (`2023-09-29T16:29:51.383`)
* [CVE-2023-43879](CVE-2023/CVE-2023-438xx/CVE-2023-43879.json) (`2023-09-29T16:35:38.223`)
* [CVE-2023-30415](CVE-2023/CVE-2023-304xx/CVE-2023-30415.json) (`2023-09-29T16:57:27.170`)
* [CVE-2023-37941](CVE-2023/CVE-2023-379xx/CVE-2023-37941.json) (`2023-09-29T17:15:46.723`)
* [CVE-2023-38139](CVE-2023/CVE-2023-381xx/CVE-2023-38139.json) (`2023-09-29T17:15:46.800`)
* [CVE-2023-42793](CVE-2023/CVE-2023-427xx/CVE-2023-42793.json) (`2023-09-29T17:15:47.117`)
* [CVE-2023-4752](CVE-2023/CVE-2023-47xx/CVE-2023-4752.json) (`2023-09-29T17:15:47.233`)
* [CVE-2023-4781](CVE-2023/CVE-2023-47xx/CVE-2023-4781.json) (`2023-09-29T17:15:47.317`)
* [CVE-2023-30471](CVE-2023/CVE-2023-304xx/CVE-2023-30471.json) (`2023-09-29T17:16:36.613`)
* [CVE-2023-43291](CVE-2023/CVE-2023-432xx/CVE-2023-43291.json) (`2023-09-29T17:25:25.957`)
* [CVE-2023-42222](CVE-2023/CVE-2023-422xx/CVE-2023-42222.json) (`2023-09-29T17:31:44.100`)
* [CVE-2023-2358](CVE-2023/CVE-2023-23xx/CVE-2023-2358.json) (`2023-09-29T17:32:30.117`)
* [CVE-2023-28055](CVE-2023/CVE-2023-280xx/CVE-2023-28055.json) (`2023-09-29T17:36:40.987`)
* [CVE-2023-40391](CVE-2023/CVE-2023-403xx/CVE-2023-40391.json) (`2023-09-29T17:43:11.557`)
* [CVE-2023-20254](CVE-2023/CVE-2023-202xx/CVE-2023-20254.json) (`2023-09-29T17:49:36.903`)
* [CVE-2023-44048](CVE-2023/CVE-2023-440xx/CVE-2023-44048.json) (`2023-09-29T17:52:10.340`)
* [CVE-2023-5244](CVE-2023/CVE-2023-52xx/CVE-2023-5244.json) (`2023-09-29T17:53:12.883`)
* [CVE-2023-4423](CVE-2023/CVE-2023-44xx/CVE-2023-4423.json) (`2023-09-29T17:59:31.007`)
* [CVE-2023-27622](CVE-2023/CVE-2023-276xx/CVE-2023-27622.json) (`2023-09-29T18:40:15.887`)
* [CVE-2023-0456](CVE-2023/CVE-2023-04xx/CVE-2023-0456.json) (`2023-09-29T18:40:56.213`)
* [CVE-2023-42460](CVE-2023/CVE-2023-424xx/CVE-2023-42460.json) (`2023-09-29T18:41:31.073`)
* [CVE-2023-42453](CVE-2023/CVE-2023-424xx/CVE-2023-42453.json) (`2023-09-29T18:43:41.520`)
* [CVE-2023-5168](CVE-2023/CVE-2023-51xx/CVE-2023-5168.json) (`2023-09-29T18:44:04.247`)
* [CVE-2023-41888](CVE-2023/CVE-2023-418xx/CVE-2023-41888.json) (`2023-09-29T18:44:13.300`)
* [CVE-2023-40375](CVE-2023/CVE-2023-403xx/CVE-2023-40375.json) (`2023-09-29T18:47:31.213`)
* [CVE-2023-43226](CVE-2023/CVE-2023-432xx/CVE-2023-43226.json) (`2023-09-29T18:50:22.470`)
* [CVE-2023-43234](CVE-2023/CVE-2023-432xx/CVE-2023-43234.json) (`2023-09-29T18:50:51.993`)
* [CVE-2023-44174](CVE-2023/CVE-2023-441xx/CVE-2023-44174.json) (`2023-09-29T18:51:03.810`)
* [CVE-2023-43014](CVE-2023/CVE-2023-430xx/CVE-2023-43014.json) (`2023-09-29T18:53:50.133`)
* [CVE-2023-5185](CVE-2023/CVE-2023-51xx/CVE-2023-5185.json) (`2023-09-29T18:54:59.730`)
* [CVE-2023-43876](CVE-2023/CVE-2023-438xx/CVE-2023-43876.json) (`2023-09-29T18:55:30.073`)
* [CVE-2023-4316](CVE-2023/CVE-2023-43xx/CVE-2023-4316.json) (`2023-09-29T18:58:57.833`)
* [CVE-2023-43874](CVE-2023/CVE-2023-438xx/CVE-2023-43874.json) (`2023-09-29T19:04:52.850`)
* [CVE-2023-43873](CVE-2023/CVE-2023-438xx/CVE-2023-43873.json) (`2023-09-29T19:09:45.873`)
* [CVE-2023-44173](CVE-2023/CVE-2023-441xx/CVE-2023-44173.json) (`2023-09-29T19:12:30.633`)
* [CVE-2023-43013](CVE-2023/CVE-2023-430xx/CVE-2023-43013.json) (`2023-09-29T19:12:42.777`)
* [CVE-2023-43323](CVE-2023/CVE-2023-433xx/CVE-2023-43323.json) (`2023-09-29T19:14:51.303`)
* [CVE-2023-43872](CVE-2023/CVE-2023-438xx/CVE-2023-43872.json) (`2023-09-29T19:18:42.467`)
* [CVE-2023-43871](CVE-2023/CVE-2023-438xx/CVE-2023-43871.json) (`2023-09-29T19:24:00.853`)
* [CVE-2023-4260](CVE-2023/CVE-2023-42xx/CVE-2023-4260.json) (`2023-09-29T19:30:13.637`)
* [CVE-2023-4262](CVE-2023/CVE-2023-42xx/CVE-2023-4262.json) (`2023-09-29T19:38:26.390`)
* [CVE-2023-4264](CVE-2023/CVE-2023-42xx/CVE-2023-4264.json) (`2023-09-29T19:41:13.227`)
* [CVE-2023-4565](CVE-2023/CVE-2023-45xx/CVE-2023-4565.json) (`2023-09-29T19:48:19.453`)
## Download and Usage