Auto-Update: 2023-10-05T16:00:26.322119+00:00

cad-safe-bot 2023-10-05 16:00:30 +00:00
parent e6375d2faa
commit 847d7b9741
51 changed files with 21168 additions and 221 deletions


@ -2,7 +2,7 @@
"id": "CVE-2013-1860",
"sourceIdentifier": "secalert@redhat.com",
"published": "2013-03-22T11:59:11.693",
"lastModified": "2023-08-11T18:18:05.023",
"lastModified": "2023-10-05T14:19:52.943",
"vulnStatus": "Analyzed",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2015-8955",
"sourceIdentifier": "security@android.com",
"published": "2016-10-10T10:59:03.323",
"lastModified": "2023-08-11T19:56:37.417",
"lastModified": "2023-10-05T14:19:01.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "3.16.39",
"matchCriteriaId": "7C6D7B58-EE58-4FB4-8C1F-E7C187696B75"
"versionEndExcluding": "3.16.39",
"matchCriteriaId": "C011FFDB-D1D8-4323-A9C4-1E04BE73BB0F"
},
{
"vulnerable": true,
@ -142,7 +142,9 @@
"url": "http://www.securityfocus.com/bid/93314",
"source": "security@android.com",
"tags": [
"URL Repurposed"
"Third Party Advisory",
"URL Repurposed",
"VDB Entry"
]
},
{


@ -2,7 +2,7 @@
"id": "CVE-2018-10878",
"sourceIdentifier": "secalert@redhat.com",
"published": "2018-07-26T18:29:00.307",
"lastModified": "2023-08-11T19:37:13.830",
"lastModified": "2023-10-05T14:15:54.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -142,8 +142,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "3.16.58",
"matchCriteriaId": "5696A014-D662-4B38-B9E5-B443F194313D"
"versionEndExcluding": "3.16.58",
"matchCriteriaId": "11E1F58E-7418-4A0D-83A1-97EC28ECCCD9"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2019-11486",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-04-23T22:29:05.133",
"lastModified": "2023-07-07T19:25:01.960",
"lastModified": "2023-10-05T14:22:44.860",
"vulnStatus": "Analyzed",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2020-25668",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-05-26T12:15:15.687",
"lastModified": "2023-07-28T19:39:59.777",
"lastModified": "2023-10-05T14:21:38.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -91,7 +91,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -100,8 +99,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.4.242",
"matchCriteriaId": "B716AFEA-D243-4E0C-898C-360B869E0419"
"versionEndExcluding": "4.4.242",
"matchCriteriaId": "987CF6CC-7083-4045-89DA-8E3210D903F0"
},
{
"vulnerable": true,
@ -143,7 +142,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -159,7 +157,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",


@ -2,7 +2,7 @@
"id": "CVE-2020-27777",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-12-15T17:15:14.333",
"lastModified": "2023-07-28T19:39:28.790",
"lastModified": "2023-10-05T14:29:57.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.14.204",
"matchCriteriaId": "5679786D-1F4E-4EDC-8DAA-47004EEA4182"
"versionEndExcluding": "4.14.204",
"matchCriteriaId": "4E937D66-38EE-44AF-9561-1993C02F24DD"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2021-28972",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-03-22T17:15:15.200",
"lastModified": "2023-08-11T19:52:12.537",
"lastModified": "2023-10-05T14:32:22.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.4.263",
"matchCriteriaId": "AA352643-6259-4A2F-A0F0-ACFFE903EE80"
"versionEndExcluding": "4.4.263",
"matchCriteriaId": "E6700326-D14A-444C-940F-A8B78A921A5A"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2021-3640",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-03-03T23:15:08.197",
"lastModified": "2023-08-11T19:36:31.893",
"lastModified": "2023-10-05T14:51:15.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -91,7 +91,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -100,8 +99,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.4.293",
"matchCriteriaId": "B85FF468-D2DA-48F6-B46C-4E7AB88A7FC5"
"versionEndExcluding": "4.4.293",
"matchCriteriaId": "83024F84-4857-4CAF-957E-C14804BAC4AF"
},
{
"vulnerable": true,
@ -157,7 +156,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -173,7 +171,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -189,7 +186,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",


@ -2,16 +2,40 @@
"id": "CVE-2022-22447",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-04T00:15:11.293",
"lastModified": "2023-10-04T12:56:10.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:19:45.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648."
},
{
"lang": "es",
"value": "IBM Disconnected Log Collector 1.0 a 1.8.2 es vulnerable a posibles errores de configuraci\u00f3n de seguridad que podr\u00edan revelar informaci\u00f3n no deseada. ID de IBM X-Force: 224648."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:disconnected_log_collector:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "1.8.3",
"matchCriteriaId": "E3204203-5E2A-424B-BCE0-4D2905F66FCC"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224648",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/7042313",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7042313",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-3202",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-09-14T15:15:11.453",
"lastModified": "2023-08-04T17:51:33.047",
"lastModified": "2023-10-05T14:09:07.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,7 +62,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -71,8 +70,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.9.311",
"matchCriteriaId": "01AFDDE4-3F69-4F96-B5CA-97FA4554F47A"
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "C86EFD13-93D4-4385-83E8-C665BE8F570F"
},
{
"vulnerable": true,


@ -0,0 +1,47 @@
{
"id": "CVE-2022-3248",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T14:15:09.650",
"lastModified": "2023-10-05T14:15:09.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenShift API, as admission checks do not enforce \"custom-host\" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3248",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072188",
"source": "secalert@redhat.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-41858",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-01-17T18:15:11.140",
"lastModified": "2023-08-04T17:43:44.517",
"lastModified": "2023-10-05T14:13:39.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -66,8 +66,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.9.311",
"matchCriteriaId": "01AFDDE4-3F69-4F96-B5CA-97FA4554F47A"
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "C86EFD13-93D4-4385-83E8-C665BE8F570F"
},
{
"vulnerable": true,


@ -2,8 +2,8 @@
"id": "CVE-2022-46387",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-28T20:15:10.940",
"lastModified": "2023-10-03T15:18:36.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-05T14:14:41.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -55,9 +55,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmder_project:cmder:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:cmder:cmder:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.2",
"matchCriteriaId": "1F609EF0-A6FF-4F67-9380-E5C6FA1C363E"
"matchCriteriaId": "9FC90BDE-5692-47F6-9E5E-7E56138BB819"
}
]
}
@ -72,8 +72,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maximus5:conemu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "220807",
"matchCriteriaId": "09AD260D-2D25-4D35-9A74-981B2C5EBCAA"
"versionEndIncluding": "22.08.07",
"matchCriteriaId": "43CF9C8A-DC56-48B5-BABC-E5950ED9E576"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-1829",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-04-12T12:15:07.080",
"lastModified": "2023-07-06T16:43:18.740",
"lastModified": "2023-10-05T14:52:02.650",
"vulnStatus": "Analyzed",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2023-24594",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-05-03T15:15:12.447",
"lastModified": "2023-05-10T18:41:03.263",
"lastModified": "2023-10-05T14:59:56.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,7 +17,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -25,12 +25,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
"impactScore": 1.4
},
{
"source": "f5sirt@f5.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-28372",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2023-10-02T23:15:12.293",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:50:10.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "psirt@purestorage.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.1.0",
"matchCriteriaId": "AAB08A18-1D0D-490B-8646-399DB3091DF8"
}
]
}
]
}
],
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372",
"source": "psirt@purestorage.com"
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28373",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2023-10-03T00:15:09.913",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:39:04.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "psirt@purestorage.com",
"type": "Secondary",
@ -38,10 +58,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.22",
"matchCriteriaId": "3F59FAA6-8982-4800-A1C4-10F22D48EC8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.15",
"matchCriteriaId": "7FFCC8E3-F18E-4013-AE72-7C2FBB9AAA73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndIncluding": "6.3.6",
"matchCriteriaId": "9C2DB4EF-77FB-43E8-B87B-D1B8173BB6EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9E8C5D-640F-42DB-8842-5D381EF9FF35"
}
]
}
]
}
],
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373",
"source": "psirt@purestorage.com"
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-28406",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-05-03T15:15:12.720",
"lastModified": "2023-05-10T18:44:23.393",
"lastModified": "2023-10-05T15:52:29.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,20 +17,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
"impactScore": 1.4
},
{
"source": "f5sirt@f5.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-30735",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-10-04T04:15:13.380",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:15:31.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:sassistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.7",
"matchCriteriaId": "2D77CFDD-D974-472A-82C9-1DFBB63FBB00"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30737",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-10-04T04:15:13.647",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:15:57.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:health:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.24.3.007",
"matchCriteriaId": "A52F47BC-219F-411D-8D1F-609F18F8D9F2"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31042",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2023-10-02T23:15:12.397",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:46:26.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@purestorage.com",
"type": "Secondary",
@ -38,10 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.6",
"matchCriteriaId": "0CAD37B1-C5AC-4CD5-98DB-9D71FDA4436A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.0.4",
"matchCriteriaId": "5A110562-3372-4131-9D8E-8CEA1522BF76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "4.1.1",
"matchCriteriaId": "D9DDCB7D-6ADD-4C60-9B4B-1FC08832ECC4"
}
]
}
]
}
],
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042",
"source": "psirt@purestorage.com"
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32396",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.357",
"lastModified": "2023-10-03T06:15:26.083",
"vulnStatus": "Modified",
"lastModified": "2023-10-05T14:39:05.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -101,7 +101,11 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/7",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213936",


@ -2,8 +2,8 @@
"id": "CVE-2023-32421",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.413",
"lastModified": "2023-10-03T06:15:26.197",
"vulnStatus": "Modified",
"lastModified": "2023-10-05T14:38:05.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -71,7 +71,11 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",


@ -2,8 +2,8 @@
"id": "CVE-2023-32572",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2023-10-03T00:15:09.990",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:38:20.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@purestorage.com",
"type": "Secondary",
@ -38,10 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndIncluding": "6.3.7",
"matchCriteriaId": "7ADFB62F-89D0-47D3-B1AE-2F94E0CB836B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.1",
"matchCriteriaId": "BF891343-05A8-462B-A154-F62D61188B04"
}
]
}
]
}
],
"references": [
{
"url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572",
"source": "psirt@purestorage.com"
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
]
}
]
}
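Review bot: The only reference in this CVE-2023-32572 record still has a doubled scheme, `"url": "https://https://support.purestorage.com/` and so on, yet the new side tags it `"Vendor Advisory"` as though it resolved. The CVE-2022-22447 section of this same commit handles the identical `https://https://` pattern differently: the malformed entry is tagged `"Broken Link"` and a corrected URL is added with source `nvd@nist.gov`. Because this repository mirrors upstream data, the correction belongs upstream rather than in a local edit. On the consumer side, any link checker or enrichment job that follows `references[].url` should validate the scheme and host before fetching, and should treat this entry as unresolved rather than as a working advisory link.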



@ -2,8 +2,8 @@
"id": "CVE-2023-35074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.800",
"lastModified": "2023-10-03T06:15:28.110",
"vulnStatus": "Modified",
"lastModified": "2023-10-05T14:33:43.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -101,15 +101,26 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/10",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://support.apple.com/en-us/HT213936",


@ -2,16 +2,40 @@
"id": "CVE-2023-35905",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-04T01:15:50.950",
"lastModified": "2023-10-04T12:56:10.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:19:06.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384."
},
{
"lang": "es",
"value": "IBM FileNet Content Manager 5.5.8, 5.5.10 y 5.5.11 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 259384."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F706FB22-1226-4B24-AC03-3D28474D5CFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:5.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6657F198-FE38-4040-B07E-4DA8A900BF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:5.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "22D69599-B4F3-4012-9C42-388847D7EFBB"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259384",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7014389",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35984",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.917",
"lastModified": "2023-10-03T06:15:28.380",
"vulnStatus": "Modified",
"lastModified": "2023-10-05T14:33:38.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -95,19 +95,35 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/10",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/8",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/9",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213936",


@ -2,8 +2,8 @@
"id": "CVE-2023-36627",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2023-10-02T23:15:12.470",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:39:20.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "psirt@purestorage.com",
"type": "Secondary",
@ -38,10 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.7",
"matchCriteriaId": "D1C0F497-DD08-458D-880A-6F28D43EAA65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.0.5",
"matchCriteriaId": "3742D7B1-35C9-411A-95E5-694631B7314E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndIncluding": "4.1.2",
"matchCriteriaId": "74E272AA-D989-45ED-881E-6F05EDE1C255"
}
]
}
]
}
],
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627",
"source": "psirt@purestorage.com"
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36628",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2023-10-03T00:15:10.057",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:33:32.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@purestorage.com",
"type": "Secondary",
@ -38,10 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.3.11",
"matchCriteriaId": "6881D7BE-6B12-41E7-887C-C6BD9ACEEDFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.5",
"matchCriteriaId": "BAE96D7F-D9ED-48B4-8E5B-CE5537C79C4A"
}
]
}
]
}
],
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628",
"source": "psirt@purestorage.com"
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37404",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-04T02:15:09.923",
"lastModified": "2023-10-04T12:56:10.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:18:33.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789."
},
{
"lang": "es",
"value": "IBM Observability con Instana 1.0.243 a 1.0.254 podr\u00eda permitir que un atacante en la red ejecute c\u00f3digo arbitrario en el host despu\u00e9s de un ataque exitoso de envenenamiento de DNS. ID de IBM X-Force: 259789."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -34,14 +58,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:observability_with_instana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.243",
"versionEndExcluding": "1.0.255",
"matchCriteriaId": "A4B94A3B-F9EE-4018-9B5F-B0DEC00CF93A"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259789",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7041863",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39645",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.240",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:16:41.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module \u201cTheme Volty CMS Payment Icon\u201d (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS Payment Icon para PrestaShop. En el m\u00f3dulo \u201cTheme Volty CMS Payment Icon\u201d (tvcmspaymenticon) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:cms_payment_icon:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "4.0.2",
"matchCriteriaId": "3483A11D-8685-4477-A8BE-BE00C95AA46A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmspaymenticon.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39646",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T22:15:10.263",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:17:38.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module \u201cTheme Volty CMS Category Chain Slide\"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS Category Chain Slider para PrestaShop. En el m\u00f3dulo \u201cTheme Volty CMS Category Chain Slide\"(tvcmscategorychainslider) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL en las versiones afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_category_chain_slider:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "4.0.1",
"matchCriteriaId": "8A6AFB97-72A9-41B7-8372-7F049F9DE040"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39647",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T23:15:09.380",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:19:55.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module \u201cTheme Volty CMS Category Product\u201d (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS Category Product para PrestaShop. En el m\u00f3dulo \u201cTheme Volty CMS Category Product\u201d (tvcmscategoryproduct) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_category_product:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "4.0.1",
"matchCriteriaId": "30F89609-AE7C-4108-BE28-D005F2CFC874"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategoryproduct.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39648",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T22:15:10.323",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:17:30.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module \u201cTheme Volty CMS Testimonial\u201d (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS Testimonial para PrestaShop. En el m\u00f3dulo \u201cTestimonio de Theme Volty CMS\u201d (tvcmstestimonial) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_testimonial:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "4.0.1",
"matchCriteriaId": "950F64C2-BD91-4F39-822B-2EB3759CCE66"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmstestimonial.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39649",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T22:15:10.367",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:17:55.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module \u201cTheme Volty CMS Category Slider\u201d (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS Category Slider para PrestaShop. En el m\u00f3dulo \u201cTheme Volty CMS Category Slider\u201d (tvcmscategoryslider) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_category_slider:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "4.0.1",
"matchCriteriaId": "CACB5DB0-F42A-4E28-B6F6-3761C605E926"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategoryslider.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-39923",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T12:15:10.547",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:50:28.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <=\u00a07.2.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento RadiusTheme The Post Grid en versiones &lt;= 7.2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radiustheme:the_post_grid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.2.7",
"matchCriteriaId": "54BE68B7-F883-4AC5-BDC7-D44854CAA258"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-2-7-cross-site-request-forgery-csrf-leading-to-css-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
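Review bot: The added Spanish description carries an HTML entity, `en versiones &lt;= 7.2.7`, where the English value just above it uses a literal `<=`; the string should read `en versiones <= 7.2.7`. A consumer that escapes descriptions once on output will show the raw `&lt;` to readers, and a consumer that decodes entities to compensate would be decoding untrusted feed text before rendering it. Description strings are best treated as plain text and escaped exactly once at the rendering layer.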


@ -2,8 +2,8 @@
"id": "CVE-2023-40409",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:08.793",
"lastModified": "2023-10-03T06:15:33.430",
"vulnStatus": "Modified",
"lastModified": "2023-10-05T14:33:28.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -103,7 +103,11 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/5",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213931",


@ -2,27 +2,110 @@
"id": "CVE-2023-43320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:12.113",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:08:56.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component."
},
{
"lang": "es",
"value": "Un problema en Proxmox Server Solutions GmbH Proxmox VE v.5.4 hasta v.8.0, Proxmox Backup Server v.1.1 hasta v.3.0 y Proxmox Mail Gateway v.7.1 hasta v.8.0 permite a un atacante autenticado remoto escalar privilegios evitando el Componente de autenticaci\u00f3n de dos factores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proxmox:backup_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1",
"versionEndIncluding": "3.0",
"matchCriteriaId": "026AA113-B499-4137-BB0E-18B1A1B80E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proxmox:proxmox_mail_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1",
"versionEndIncluding": "8.0",
"matchCriteriaId": "3454EA4B-BC66-4F9F-A3EA-F81668740672"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndIncluding": "8.0",
"matchCriteriaId": "B76EFF18-E949-4A2D-93E0-893ECAF4493C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4579",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4584",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-43656",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T21:15:10.443",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:14:13.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config."
},
{
"lang": "es",
"value": "Matrix-hookshot es un bot de Matrix para conectarse a servicios externos como GitHub, GitLab, JIRA y m\u00e1s. Las instancias que tienen funciones de transformaci\u00f3n habilitadas (aquellas que tienen `generic.allowJsTransformationFunctions` en su configuraci\u00f3n) pueden ser vulnerables a un ataque en el que es posible salir del entorno limitado de `vm2` y, como resultado, Hookshot ser\u00e1 vulnerable a esto. Es probable que este problema solo afecte a los usuarios que han permitido que usuarios que no son de confianza apliquen sus propias funciones de transformaci\u00f3n. Si solo ha habilitado un conjunto limitado de usuarios confiables, esta amenaza se reduce (aunque no se elimina). La versi\u00f3n 4.5.0 y superiores de hookshot incluyen una nueva biblioteca sandbox que deber\u00eda proteger mejor a los usuarios. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben desactivar `generic.allowJsTransformationFunctions` en la configuraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrix:hookshot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.0",
"matchCriteriaId": "3DD3E619-C694-4791-81D9-DB823DA5BEDA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/matrix-hookshot/commit/dc126afa6af86d66aefcd23a825326f405bcc894",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/matrix-org/matrix-hookshot/security/advisories/GHSA-fr97-pv6w-4cj6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-43976",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T19:15:09.677",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:17:11.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component."
},
{
"lang": "es",
"value": "Un problema en CatoNetworks CatoClient anterior a v.5.4.0 permite a los atacantes escalar privilegios y ganar la condici\u00f3n de ejecuci\u00f3n (TOCTOU) a trav\u00e9s del componente PrivilegedHelperTool."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:catonetworks:cato_client:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.4.0",
"matchCriteriaId": "9726268C-0029-49F2-B3D3-D70162D186C8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.catonetworks.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.ns-echo.com/posts/cve_2023_43976.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
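Review bot: The new NVD primary vector `AV:N/AC:H/PR:N/UI:N` sits oddly with the rest of the record. The description speaks of escalating privileges through a TOCTOU race in the `PrivilegedHelperTool` component, and the CPE is scoped to `macos`, which reads like a local privilege escalation. This is an inference, since the record does not say where the attacker must be positioned. Anyone triaging on `baseScore` 8.1 or filtering on `attackVector` should confirm reachability before treating this as remotely exploitable without credentials. The only vendor link, `https://www.catonetworks.com`, is tagged `Product`, so the record carries no reference tagged as a vendor advisory or patch for 5.4.0.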


@ -2,8 +2,8 @@
"id": "CVE-2023-44216",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:39.583",
"lastModified": "2023-10-03T05:15:51.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T14:36:00.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,46 +11,298 @@
},
{
"lang": "es",
"value": "PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresi\u00f3n transparente por software que permite ataques de robo de p\u00edxeles de origen cruzado contra feTurbulence y feBlend en la especificaci\u00f3n del filtro SVG. Por ejemplo, los atacantes a veces pueden determinar con precisi\u00f3n el texto contenido en una p\u00e1gina web de un origen si controlan un recurso de un origen diferente."
"value": "PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresi\u00f3n transparente por software que permite ataques de robo de p\u00edxeles de origen cruzado contra feTurbulence y feBlend en la especificaci\u00f3n del filtro SVG, tambi\u00e9n conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisi\u00f3n el texto contenido en una p\u00e1gina web de un origen si controlan un recurso de un origen diferente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:amd:ryzen_7_4800u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1E9A6F-7339-4679-B83B-87BC1BEEFA16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:core_i7-10510u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "494A828B-F2BF-40CA-AAFB-7D2AF2BAF3AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:core_i7-12700k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF502AE-BD3F-461B-9476-FB04818DA1F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:core_i7-8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04076FFA-D74F-4501-9921-D8EBDF97CD20"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:professional:*:*:*",
"matchCriteriaId": "45ED814C-867A-4365-BE5F-4139DF1A60F6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:core_i7-10610u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D974FFFD-BBCC-444C-9EF1-AE478EEDB6E2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:home:*:*:*",
"matchCriteriaId": "BA83E0AD-5158-4BE3-9DF7-1803D4E70292"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:intel:core_i7-11800h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FDB568-5340-4DD8-B933-1CD64C370BD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:nvidia:geforce_rtx_3060:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBCF01F-EA62-4733-9E6D-E72439C4B65A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:pro:*:*:*",
"matchCriteriaId": "4F43060F-72D2-4417-A495-49D62044EC8D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C05D51F-469D-487D-9FC8-E1AD699A6F74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:nvidia:geforce_rtx_2080_super:-:*:*:*:*:*:*:*",
"matchCriteriaId": "633AB383-A5D6-4F0F-A973-FE777117A856"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E6469-A678-47A5-A162-259FE0325CA7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:apple:m1_mac_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F186A650-BC3B-4D43-B177-DC98BFD82DD2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://blog.imaginationtech.com/reducing-bandwidth-pvric/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://github.com/UT-Security/gpu-zip",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://news.ycombinator.com/item?id=37663159",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://www.hertzbleed.com/gpu.zip/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.w3.org/TR/filter-effects-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
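Review bot: The added `configurations` block marks Intel, AMD, NVIDIA, Apple M1 and Pixel 6 hardware CPEs as `"vulnerable": true`, each paired with a specific OS, but no Imagination or PowerVR CPE appears. The description visible in this section attributes the issue to PVRIC on Imagination GPUs. The listed combinations look like the platforms the researchers tested, though the record does not say so. CPE-driven scanners will therefore flag those platforms and stay silent on Imagination-based devices, so asset matching for this record should start from the description and the referenced material rather than from `cpeMatch` alone. Separately, the `Exploit` tag is applied to `https://www.w3.org/TR/filter-effects-1/`, a W3C specification, so tooling that raises priority on an `Exploit`-tagged reference will over-report here.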


@ -0,0 +1,59 @@
{
"id": "CVE-2023-44390",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-05T14:15:09.737",
"lastModified": "2023-10-05T14:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/mganss/HtmlSanitizer/commit/ab29319866c020f0cc11e6b92228cd8039196c6e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-43cp-6p3q-2pc4",
"source": "security-advisories@github.com"
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-44973",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.617",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-05T15:16:23.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente /content/templates/ de Emlog Pro v2.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:2.2.0:*:*:*:pro:*:*:*",
"matchCriteriaId": "16852405-4A51-4BFE-B6BB-8D505D36243E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yangliukk/emlog/blob/main/Template-getshell.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-44974",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.660",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-05T15:17:48.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente /admin/plugin.php de Emlog Pro v2.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:2.2.0:*:*:*:pro:*:*:*",
"matchCriteriaId": "16852405-4A51-4BFE-B6BB-8D505D36243E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yangliukk/emlog/blob/main/Plugin-getshell.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5215",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-28T14:15:26.117",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T15:03:01.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en libnbd. Un servidor puede responder con un tama\u00f1o de bloque mayor que 2^63 (la especificaci\u00f3n NBD establece que el tama\u00f1o es un valor sin signo de 64 bits). Este problema podr\u00eda provocar un bloqueo de la aplicaci\u00f3n u otro comportamiento no deseado para los clientes NBD que no traten correctamente el valor de retorno de la funci\u00f3n nbd_get_size()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,69 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18.0",
"matchCriteriaId": "8F80CC2D-BE95-4150-A78B-0C12345CCC87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5215",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241041",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://listman.redhat.com/archives/libguestfs/2023-September/032635.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,16 +2,53 @@
"id": "CVE-2023-5256",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2023-09-28T19:15:10.977",
"lastModified": "2023-09-28T20:29:46.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-05T14:54:22.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"
},
{
"lang": "es",
"value": "En ciertos escenarios, el m\u00f3dulo JSON:API de Drupal generar\u00e1 seguimientos de errores. Con algunas configuraciones, esto puede hacer que la informaci\u00f3n confidencial se almacene en cach\u00e9 y se ponga a disposici\u00f3n de usuarios an\u00f3nimos, lo que lleva a una escalada de privilegios. Esta vulnerabilidad solo afecta a los sitios con el m\u00f3dulo JSON:API habilitado y se puede mitigar desinstalando JSON:API. Los m\u00f3dulos REST principales y GraphQL contribuidos no se ven afectados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "mlhess@drupal.org",
"type": "Secondary",
@ -23,10 +60,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndExcluding": "9.5.11",
"matchCriteriaId": "AD7E7B61-D321-47CE-ACB3-08DC6084EBA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.11",
"matchCriteriaId": "9796BCDF-6CC1-4447-AFE9-BB76BDDE9C68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndExcluding": "10.1.4",
"matchCriteriaId": "E98DD977-94BF-4701-A222-BF0E0443197F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-core-2023-006",
"source": "mlhess@drupal.org"
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-05T14:00:26.614832+00:00
2023-10-05T16:00:26.322119+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-05T13:47:26.270000+00:00
2023-10-05T15:52:29.633000+00:00
```
### Last Data Feed Release
@ -29,45 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227032
227034
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
* [CVE-2022-4145](CVE-2022/CVE-2022-41xx/CVE-2022-4145.json) (`2023-10-05T13:15:09.543`)
* [CVE-2022-3248](CVE-2022/CVE-2022-32xx/CVE-2022-3248.json) (`2023-10-05T14:15:09.650`)
* [CVE-2023-44390](CVE-2023/CVE-2023-443xx/CVE-2023-44390.json) (`2023-10-05T14:15:09.737`)
### CVEs modified in the last Commit
Recently modified CVEs: `27`
Recently modified CVEs: `48`
* [CVE-2023-43783](CVE-2023/CVE-2023-437xx/CVE-2023-43783.json) (`2023-10-05T12:15:09.957`)
* [CVE-2023-26236](CVE-2023/CVE-2023-262xx/CVE-2023-26236.json) (`2023-10-05T12:53:40.753`)
* [CVE-2023-26237](CVE-2023/CVE-2023-262xx/CVE-2023-26237.json) (`2023-10-05T12:53:40.753`)
* [CVE-2023-26238](CVE-2023/CVE-2023-262xx/CVE-2023-26238.json) (`2023-10-05T12:53:40.753`)
* [CVE-2023-26239](CVE-2023/CVE-2023-262xx/CVE-2023-26239.json) (`2023-10-05T12:53:40.753`)
* [CVE-2023-45198](CVE-2023/CVE-2023-451xx/CVE-2023-45198.json) (`2023-10-05T12:53:40.753`)
* [CVE-2023-45159](CVE-2023/CVE-2023-451xx/CVE-2023-45159.json) (`2023-10-05T12:53:40.753`)
* [CVE-2023-41079](CVE-2023/CVE-2023-410xx/CVE-2023-41079.json) (`2023-10-05T13:12:02.387`)
* [CVE-2023-41174](CVE-2023/CVE-2023-411xx/CVE-2023-41174.json) (`2023-10-05T13:12:06.970`)
* [CVE-2023-41232](CVE-2023/CVE-2023-412xx/CVE-2023-41232.json) (`2023-10-05T13:12:12.237`)
* [CVE-2023-41968](CVE-2023/CVE-2023-419xx/CVE-2023-41968.json) (`2023-10-05T13:12:17.997`)
* [CVE-2023-32361](CVE-2023/CVE-2023-323xx/CVE-2023-32361.json) (`2023-10-05T13:12:36.407`)
* [CVE-2023-32377](CVE-2023/CVE-2023-323xx/CVE-2023-32377.json) (`2023-10-05T13:13:00.927`)
* [CVE-2023-40451](CVE-2023/CVE-2023-404xx/CVE-2023-40451.json) (`2023-10-05T13:13:15.517`)
* [CVE-2023-41078](CVE-2023/CVE-2023-410xx/CVE-2023-41078.json) (`2023-10-05T13:13:26.947`)
* [CVE-2023-39150](CVE-2023/CVE-2023-391xx/CVE-2023-39150.json) (`2023-10-05T13:14:16.257`)
* [CVE-2023-23495](CVE-2023/CVE-2023-234xx/CVE-2023-23495.json) (`2023-10-05T13:14:21.263`)
* [CVE-2023-29497](CVE-2023/CVE-2023-294xx/CVE-2023-29497.json) (`2023-10-05T13:33:08.890`)
* [CVE-2023-41979](CVE-2023/CVE-2023-419xx/CVE-2023-41979.json) (`2023-10-05T13:33:13.683`)
* [CVE-2023-41980](CVE-2023/CVE-2023-419xx/CVE-2023-41980.json) (`2023-10-05T13:40:35.357`)
* [CVE-2023-41981](CVE-2023/CVE-2023-419xx/CVE-2023-41981.json) (`2023-10-05T13:40:40.457`)
* [CVE-2023-41984](CVE-2023/CVE-2023-419xx/CVE-2023-41984.json) (`2023-10-05T13:40:43.883`)
* [CVE-2023-41986](CVE-2023/CVE-2023-419xx/CVE-2023-41986.json) (`2023-10-05T13:41:34.000`)
* [CVE-2023-41995](CVE-2023/CVE-2023-419xx/CVE-2023-41995.json) (`2023-10-05T13:44:45.557`)
* [CVE-2023-41996](CVE-2023/CVE-2023-419xx/CVE-2023-41996.json) (`2023-10-05T13:44:53.030`)
* [CVE-2023-43656](CVE-2023/CVE-2023-436xx/CVE-2023-43656.json) (`2023-10-05T15:14:13.843`)
* [CVE-2023-30735](CVE-2023/CVE-2023-307xx/CVE-2023-30735.json) (`2023-10-05T15:15:31.130`)
* [CVE-2023-33034](CVE-2023/CVE-2023-330xx/CVE-2023-33034.json) (`2023-10-05T15:15:46.267`)
* [CVE-2023-30737](CVE-2023/CVE-2023-307xx/CVE-2023-30737.json) (`2023-10-05T15:15:57.547`)
* [CVE-2023-44973](CVE-2023/CVE-2023-449xx/CVE-2023-44973.json) (`2023-10-05T15:16:23.883`)
* [CVE-2023-39645](CVE-2023/CVE-2023-396xx/CVE-2023-39645.json) (`2023-10-05T15:16:41.543`)
* [CVE-2023-43976](CVE-2023/CVE-2023-439xx/CVE-2023-43976.json) (`2023-10-05T15:17:11.293`)
* [CVE-2023-39648](CVE-2023/CVE-2023-396xx/CVE-2023-39648.json) (`2023-10-05T15:17:30.923`)
* [CVE-2023-39646](CVE-2023/CVE-2023-396xx/CVE-2023-39646.json) (`2023-10-05T15:17:38.827`)
* [CVE-2023-44974](CVE-2023/CVE-2023-449xx/CVE-2023-44974.json) (`2023-10-05T15:17:48.087`)
* [CVE-2023-39649](CVE-2023/CVE-2023-396xx/CVE-2023-39649.json) (`2023-10-05T15:17:55.947`)
* [CVE-2023-37404](CVE-2023/CVE-2023-374xx/CVE-2023-37404.json) (`2023-10-05T15:18:33.150`)
* [CVE-2023-35905](CVE-2023/CVE-2023-359xx/CVE-2023-35905.json) (`2023-10-05T15:19:06.307`)
* [CVE-2023-39647](CVE-2023/CVE-2023-396xx/CVE-2023-39647.json) (`2023-10-05T15:19:55.307`)
* [CVE-2023-33029](CVE-2023/CVE-2023-330xx/CVE-2023-33029.json) (`2023-10-05T15:28:09.890`)
* [CVE-2023-33028](CVE-2023/CVE-2023-330xx/CVE-2023-33028.json) (`2023-10-05T15:28:33.267`)
* [CVE-2023-33027](CVE-2023/CVE-2023-330xx/CVE-2023-33027.json) (`2023-10-05T15:33:11.150`)
* [CVE-2023-36628](CVE-2023/CVE-2023-366xx/CVE-2023-36628.json) (`2023-10-05T15:33:32.560`)
* [CVE-2023-32572](CVE-2023/CVE-2023-325xx/CVE-2023-32572.json) (`2023-10-05T15:38:20.757`)
* [CVE-2023-28373](CVE-2023/CVE-2023-283xx/CVE-2023-28373.json) (`2023-10-05T15:39:04.883`)
* [CVE-2023-36627](CVE-2023/CVE-2023-366xx/CVE-2023-36627.json) (`2023-10-05T15:39:20.327`)
* [CVE-2023-31042](CVE-2023/CVE-2023-310xx/CVE-2023-31042.json) (`2023-10-05T15:46:26.893`)
* [CVE-2023-28372](CVE-2023/CVE-2023-283xx/CVE-2023-28372.json) (`2023-10-05T15:50:10.483`)
* [CVE-2023-39923](CVE-2023/CVE-2023-399xx/CVE-2023-39923.json) (`2023-10-05T15:50:28.930`)
* [CVE-2023-28406](CVE-2023/CVE-2023-284xx/CVE-2023-28406.json) (`2023-10-05T15:52:29.633`)
## Download and Usage