admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-15T14:00:26.479545+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-15 14:00:30 +00:00
parent 337ca16ddd
commit 922ce4ee3d
56 changed files with 1424 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
CVE-2020/CVE-2020-195xx/CVE-2020-19559.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-19559",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.500",
"lastModified": "2023-09-12T11:52:22.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:43:55.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dieboldnixdorf:agilis_xfs_for_opteva:4.1.61.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFE6ECE-F8F1-43D4-9872-AF0A44C82E80"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2022/CVE-2022-209xx/CVE-2022-20917.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-20917",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-15T03:15:07.520",
"lastModified": "2023-09-15T03:15:07.520",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.\r\n This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el Extensible Messaging y Presence Protocol (XMPP) caracter\u00edstica del procesamiento de mensajes de Cisco Jabber podr\u00eda permitir que un atacante remoto autenticado manipule el contenido de los mensajes XMPP que utiliza la aplicaci\u00f3n afectada. Esta vulnerabilidad se debe al manejo inadecuado de mensajes XMPP anidados dentro de las solicitudes que se env\u00edan al software cliente Cisco Jabber. Un atacante podr\u00eda aprovechar esta vulnerabilidad conect\u00e1ndose a un servidor de mensajer\u00eda XMPP y enviando mensajes XMPP manipulados a un cliente Jabber afectado. Un exploit exitoso podr\u00eda permitir al atacante manipular el contenido de los mensajes XMPP, lo que posiblemente le permitir\u00eda provocar que la aplicaci\u00f3n cliente Jabber realice acciones inseguras."
}
],
"metrics": {

77
CVE-2022/CVE-2022-358xx/CVE-2022-35849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-35849",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-13T13:15:07.823",
"lastModified": "2023-09-13T13:57:45.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:24:26.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,57 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-310",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.6",
"matchCriteriaId": "ADD23F1D-7F27-4C1E-8884-F5CE6005C6A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.4",
"matchCriteriaId": "001D264D-17BD-4DB5-9792-D6849F63B9D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.1.2",
"matchCriteriaId": "30963483-E0D5-4B71-B649-79194ACC77BF"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-310",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2022/CVE-2022-476xx/CVE-2022-47637.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2022-47637",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T22:15:07.900",
"lastModified": "2023-09-13T12:55:59.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:38:19.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The installer in XAMPP through 8.1.12 allows local users to write to the C:\\xampp directory. Common use cases execute files under C:\\xampp with administrative privileges."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apachefriends:xampp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.12",
"matchCriteriaId": "7B76BB9B-ADE3-47E9-8038-3F9823D831D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-215xx/CVE-2023-21520.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-21520",
"sourceIdentifier": "secure@blackberry.com",
"published": "2023-09-12T20:15:07.633",
"lastModified": "2023-09-12T20:41:39.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:55:11.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA PII Enumeration via Credential Recovery in the Self Service\u00a0(Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.\n"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
"source": "secure@blackberry.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D98E8-462C-40B1-8106-B361BAF3448B"
}
]
}
]
}
],
"references": [
{
"url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
"source": "secure@blackberry.com",
"tags": [
"Broken Link"
]
}
]
}

68
CVE-2023/CVE-2023-215xx/CVE-2023-21521.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-21521",
"sourceIdentifier": "secure@blackberry.com",
"published": "2023-09-12T19:15:36.033",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T12:44:15.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn SQL Injection vulnerability in the Management Console?\u00a0(Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.\n\n"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
"source": "secure@blackberry.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D98E8-462C-40B1-8106-B361BAF3448B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
"source": "secure@blackberry.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-215xx/CVE-2023-21522.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-21522",
"sourceIdentifier": "secure@blackberry.com",
"published": "2023-09-12T19:15:36.153",
"lastModified": "2023-09-12T20:15:07.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:48:27.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.\u00a0"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
"source": "secure@blackberry.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D98E8-462C-40B1-8106-B361BAF3448B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-238xx/CVE-2023-23840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23840",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-09-13T23:15:07.820",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:25:01.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm",
"source": "psirt@solarwinds.com"
},
"nodes": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840",
"source": "psirt@solarwinds.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.1",
"matchCriteriaId": "3B4823C0-B8E7-4896-9096-ABFE5F395F00"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm",
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840",
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-238xx/CVE-2023-23845.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23845",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-09-13T23:15:08.283",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:24:58.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm",
"source": "psirt@solarwinds.com"
},
"nodes": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23845",
"source": "psirt@solarwinds.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.1",
"matchCriteriaId": "3B4823C0-B8E7-4896-9096-ABFE5F395F00"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm",
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23845",
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

111
CVE-2023/CVE-2023-256xx/CVE-2023-25608.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25608",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-13T13:15:08.040",
"lastModified": "2023-09-13T13:57:45.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:24:09.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,91 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-120",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "7.0.6",
"matchCriteriaId": "B5BE67AF-5DC9-4942-832F-03BEC88CD2B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.2",
"matchCriteriaId": "41C213D0-356F-425E-A124-5B72A3AEE54D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-c:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.4.5",
"matchCriteriaId": "6E770699-3997-4E61-A4AD-68D102FCA4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.0",
"versionEndExcluding": "6.2.6",
"matchCriteriaId": "2D44BE0A-B671-454C-8B6A-56AA4BA70E60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "743763F2-D4DE-4E9D-B112-7CA27C61A423"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "7.0.1",
"matchCriteriaId": "87E0B46B-B76D-4D27-AD6F-E929E362B6E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.3",
"versionEndExcluding": "7.0.6",
"matchCriteriaId": "B602BCD9-47CF-443C-A759-0B8379777768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.2",
"matchCriteriaId": "B9D26699-16AD-4752-A088-72CF117C98D0"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-120",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-263xx/CVE-2023-26369.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-26369",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-13T09:15:13.007",
"lastModified": "2023-09-13T12:55:59.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:44:03.120",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-14",
"cisaActionDue": "2023-10-05",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability",
"descriptions": [
{
"lang": "en",
@ -46,10 +50,70 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-34.html",
"source": "psirt@adobe.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30524",
"matchCriteriaId": "26793834-3348-4929-8C76-74F68576C92C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.007.20033",
"versionEndExcluding": "23.006.20320",
"matchCriteriaId": "61BAD67D-F78D-4C48-B975-BA6F970D6B86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30524",
"matchCriteriaId": "A4114406-FE2D-441F-BA28-261D665FA61D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.007.20033",
"versionEndExcluding": "23.006.20320",
"matchCriteriaId": "765D6A5E-A0E1-45F9-8B41-B51DFBC3B8F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-34.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-291xx/CVE-2023-29183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29183",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-13T13:15:08.367",
"lastModified": "2023-09-13T13:57:45.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:23:51.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,79 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-106",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.11",
"matchCriteriaId": "A5D70694-BB02-43E2-8F74-D50D9D4C5E3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "122518E7-EA43-4240-AAFB-61AD2AA28A2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.2.15",
"matchCriteriaId": "05454D49-17D8-4A7D-92C8-B33B006A35DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.13",
"matchCriteriaId": "B153B056-24AE-41C4-B644-65E080C18360"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.12",
"matchCriteriaId": "39A6C2A7-21A4-4BB5-A3B6-9466E5CEA296"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "4562BDF7-D894-4CD8-95AC-9409FDEBE73F"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-106",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-324xx/CVE-2023-32461.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32461",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-09-15T07:15:09.550",
"lastModified": "2023-09-15T07:15:09.550",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u00a0\n\n"
},
{
"lang": "es",
"value": "Dell PowerEdge BIOS y Dell Precision BIOS contiene una vulnerabilidad de desbordamiento del b\u00fafer. Un usuario local malicioso con altos privilegios podr\u00eda explotar potencialmente esta vulnerabilidad, lo que provocar\u00eda una corrupci\u00f3n de la memoria y potencialmente escalar\u00eda privilegios."
}
],
"metrics": {

64
CVE-2023/CVE-2023-365xx/CVE-2023-36551.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36551",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-13T13:15:08.697",
"lastModified": "2023-09-13T13:57:45.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:32:18.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,44 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-126",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.6",
"matchCriteriaId": "26117F45-D8BA-4BBE-996D-D2799A625ADA"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-126",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-366xx/CVE-2023-36634.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36634",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-13T13:15:08.883",
"lastModified": "2023-09-13T13:57:45.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:46:11.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-123",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.0",
"versionEndIncluding": "5.4.6",
"matchCriteriaId": "3BEF86D0-7255-4054-8AA7-4AA411C5FE32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.4",
"matchCriteriaId": "607B4B16-A019-4DB5-A3D5-845B3C81E2CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.5",
"matchCriteriaId": "D94D840D-28B9-45AB-952C-951710AA63CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "743763F2-D4DE-4E9D-B112-7CA27C61A423"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-123",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-366xx/CVE-2023-36657.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36657",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T06:15:07.810",
"lastModified": "2023-09-15T06:15:07.810",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Se puede abusar de las funciones integradas de Windows (atajos de escritorio, narrador) para escalar privilegios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-366xx/CVE-2023-36658.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36658",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T05:15:24.997",
"lastModified": "2023-09-15T05:15:24.997",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Tiene una ruta de servicio no citada de la que se puede abusar localmente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-366xx/CVE-2023-36659.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T06:15:08.013",
"lastModified": "2023-09-15T06:15:08.013",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Las entradas largas no se procesaron adecuadamente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de comunicaci\u00f3n)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-380xx/CVE-2023-38039.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38039",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-15T04:15:10.127",
"lastModified": "2023-09-15T04:15:10.127",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory."
},
{
"lang": "es",
"value": "Cuando curl recupera una respuesta HTTP, almacena los encabezados entrantes para que se pueda acceder a ellos m\u00e1s tarde a trav\u00e9s de la API de encabezados libcurl. Sin embargo, curl no ten\u00eda un l\u00edmite en cuanto a la cantidad o el tama\u00f1o de encabezados que aceptar\u00eda en una respuesta, lo que permit\u00eda que un servidor malicioso transmitiera una serie interminable de encabezados y, finalmente, provocara que curl se quedara sin memoria din\u00e1mica."
}
],
"metrics": {},

31
CVE-2023/CVE-2023-382xx/CVE-2023-38214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38214",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-13T14:15:08.127",
"lastModified": "2023-09-13T16:34:14.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:21:43.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.17",
"matchCriteriaId": "782C2B63-88D4-4E2A-B627-EFE41036ECB2"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

16
CVE-2023/CVE-2023-382xx/CVE-2023-38229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38229",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-08-10T14:15:13.047",
"lastModified": "2023-09-14T13:15:08.897",
"vulnStatus": "Modified",
"lastModified": "2023-09-15T13:59:27.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
"impactScore": 5.9
}
]
},

8
CVE-2023/CVE-2023-38xx/CVE-2023-3891.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3891",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-15T03:15:08.803",
"lastModified": "2023-09-15T03:15:08.803",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system"
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n en Lapce v0.2.8 permite a un atacante elevar los privilegios en el sistema."
}
],
"metrics": {

67
CVE-2023/CVE-2023-390xx/CVE-2023-39073.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-39073",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T22:15:08.047",
"lastModified": "2023-09-13T12:55:59.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T12:54:18.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://gist.github.com/ph4nt0mbyt3/9456312e867c10de8f808250ec0b12d3",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:voltronicpower:snmp_web_pro:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6059B1DE-C7AB-4C17-B714-438F37EEAA3C"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/ph4nt0mbyt3/9456312e867c10de8f808250ec0b12d3",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-396xx/CVE-2023-39643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39643",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.410",
"lastModified": "2023-09-15T01:15:07.410",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
CVE-2023/CVE-2023-406xx/CVE-2023-40617.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-40617",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-13T22:15:07.733",
"lastModified": "2023-09-14T13:01:09.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:24:36.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40617",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openknowledgemaps:head_start:7:*:*:*:*:*:*:*",
"matchCriteriaId": "C97EBF11-737C-4DA0-92C7-3BE35319C320"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40617",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-409xx/CVE-2023-40982.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40982",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T03:15:09.047",
"lastModified": "2023-09-15T03:15:09.047",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad cross-site scripting (XSS) almacenadas en Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de payload elaborado inyectado en el m\u00f3dulo clonado en el par\u00e1metro nombre."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-409xx/CVE-2023-40983.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40983",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T04:15:10.243",
"lastModified": "2023-09-15T04:15:10.243",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar secuencias de comandos maliciosas mediante la inyecci\u00f3n de un payload preparado en el archivo Buscar en Resultados."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-409xx/CVE-2023-40984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40984",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.653",
"lastModified": "2023-09-15T01:15:07.653",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-409xx/CVE-2023-40985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40985",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.787",
"lastModified": "2023-09-15T01:15:07.787",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-409xx/CVE-2023-40986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40986",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T01:15:07.910",
"lastModified": "2023-09-15T01:15:07.910",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

77
CVE-2023/CVE-2023-410xx/CVE-2023-41081.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2023-41081",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-13T10:15:07.657",
"lastModified": "2023-09-13T12:55:59.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:26:15.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The mod_jk component of Apache Tomcat Connectors\u00a0in some circumstances, such as when a configuration included\u00a0\"JkOptions +ForwardDirectories\" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker.\u00a0Such an implicit mapping could result in the unintended exposure of the\u00a0status worker and/or bypass security constraints configured in httpd. As\u00a0of JK 1.2.49, the implicit mapping functionality has been removed and all\u00a0mappings must now be via explicit configuration.\u00a0Only mod_jk is affected\u00a0by this issue. The ISAPI redirector is not affected.\n\nThis issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48.\n\nUsers are recommended to upgrade to version 1.2.49, which fixes the issue.\n\n"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/13/2",
"source": "security@apache.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b",
"source": "security@apache.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.49",
"matchCriteriaId": "9349521D-9E00-44E9-A1FF-E12C299CFEFA"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/13/2",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b",
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}

68
CVE-2023/CVE-2023-414xx/CVE-2023-41423.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-41423",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T22:15:08.107",
"lastModified": "2023-09-13T12:55:59.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:06:25.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/terrylinooo/githuber-md/issues/316",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:terryl:wp_githuber_md:1.16.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FFE3EA4A-3E74-4943-8E77-9CAAD05A2677"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/terrylinooo/githuber-md/issues/316",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

8
CVE-2023/CVE-2023-42xx/CVE-2023-4231.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4231",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T08:15:07.867",
"lastModified": "2023-09-15T08:15:07.867",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before 4.09.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en el Online Payment System de Cevik Informatics permite la inyecci\u00f3n de SQL. Este problema afecta al Online Payment System: antes de la versi\u00f3n 4.09."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4661.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4661",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:07.907",
"lastModified": "2023-09-15T09:15:07.907",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Saphira Saphira Connect permite la inyecci\u00f3n SQL. Este problema afecta a Saphira Connect: antes de la versi\u00f3n 9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4662.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4662",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.040",
"lastModified": "2023-09-15T09:15:08.040",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Ejecuci\u00f3n con Privilegios Innecesarios en Saphira Saphira Connect permite la Inclusi\u00f3n de C\u00f3digo Remota. Este problema afecta a Saphira Connect: antes de la versi\u00f3n 9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4663.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4663",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.133",
"lastModified": "2023-09-15T09:15:08.133",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de etiquetas HTML relacionadas con secuencias de comandos en una vulnerabilidad de p\u00e1gina web (XSS b\u00e1sico) en Saphira Saphira Connect permite Cross-Site Scripting (XSS) reflejado. Este problema afecta a Saphira Connect: antes de la versi\u00f3n 9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4664.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4664",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.230",
"lastModified": "2023-09-15T09:15:08.230",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Permisos Predeterminados Incorrectos en Saphira Saphira Connect permite la Escalaci\u00f3n de Privilegios. Este problema afecta a Saphira Connect: antes de la versi\u00f3n 9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4665.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4665",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.330",
"lastModified": "2023-09-15T09:15:08.330",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n incorrecta de permisos asignados en Saphira Saphira Connect permite la Escalaci\u00f3n de Privilegios. Este problema afecta a Saphira Connect: antes de la versi\u00f3n 9."
}
],
"metrics": {

4
CVE-2023/CVE-2023-46xx/CVE-2023-4670.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4670",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T08:15:08.063",
"lastModified": "2023-09-15T08:15:08.063",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-46xx/CVE-2023-4673.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4673",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T06:15:08.140",
"lastModified": "2023-09-15T06:15:08.140",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 .\n\n"
},
{
"lang": "es",
"value": "La Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Sanalogy Turasistan permite la inyecci\u00f3n SQL. Este problema afecta a Turasistan: antes de la versi\u00f3n 20230911."
}
],
"metrics": {

8
CVE-2023/CVE-2023-48xx/CVE-2023-4830.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4830",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T06:15:08.287",
"lastModified": "2023-09-15T06:15:08.287",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.This issue affects Signalix: 7T_0228.\n\n"
},
{
"lang": "es",
"value": "La Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Tura Signalix permite la inyecci\u00f3n SQL. Este problema afecta a Signalix: versi\u00f3n 7T_0228."
}
],
"metrics": {

4
CVE-2023/CVE-2023-48xx/CVE-2023-4831.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4831",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T08:15:08.147",
"lastModified": "2023-09-15T08:15:08.147",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-48xx/CVE-2023-4833.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4833",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.423",
"lastModified": "2023-09-15T09:15:08.423",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.This issue affects Network Marketing Software: before 1.0.2309.6.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Besttem Network Marketing Software permite la inyecci\u00f3n SQL. Este problema afecta al Network Marketing Software: antes de la versi\u00f3n 1.0.2309.6."
}
],
"metrics": {

8
CVE-2023/CVE-2023-48xx/CVE-2023-4835.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4835",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.607",
"lastModified": "2023-09-15T09:15:08.607",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.This issue affects Oil Management Software: before 20230912 .\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en CF Software Oil Management Software permite la inyecci\u00f3n SQL. Este problema afecta al Oil Management Software: antes de 20230912."
}
],
"metrics": {

64
CVE-2023/CVE-2023-49xx/CVE-2023-4928.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4928",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-13T01:15:07.893",
"lastModified": "2023-09-13T12:55:59.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T13:29:36.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/instantsoft/icms2/commit/3a6b148fa2c943ee7647e0cd14bf68e026b15548",
"source": "security@huntr.dev"
},
"nodes": [
{
"url": "https://huntr.dev/bounties/cb72cc17-5a0d-4392-9a5f-a13aa773de9e",
"source": "security@huntr.dev"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:instantcms:icms2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.16.1",
"matchCriteriaId": "B25EE390-12B6-448E-9705-FEE1DA42364F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/3a6b148fa2c943ee7647e0cd14bf68e026b15548",
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/cb72cc17-5a0d-4392-9a5f-a13aa773de9e",
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-49xx/CVE-2023-4959.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4959",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-15T10:15:07.697",
"lastModified": "2023-09-15T10:15:07.697",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-49xx/CVE-2023-4963.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4963",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-15T03:15:09.187",
"lastModified": "2023-09-15T03:15:09.187",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WS Facebook Like Box Widget para WordPress plugin para WordPress es vulnerable a Cross-Site Scripting a trav\u00e9s del c\u00f3digo corto 'ws-facebook-likebox' en versiones hasta la 5.0 incluida debido a una insuficiente sanitizaci\u00f3n y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2023/CVE-2023-49xx/CVE-2023-4973.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4973",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T02:15:08.367",
"lastModified": "2023-09-15T02:15:08.367",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Academy LMS 6.2 en Windows. Ha sido declarado problem\u00e1tico. Una funci\u00f3n desconocida del archivo /academy/tutor/filter del componente GET Parameter Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento palabra_buscada/tipo_clase_tuci\u00f3n_buscada[]/tipo_precio_buscado[]/duraci\u00f3n_buscada[] conduce a cross site scripting. El ataque se puede lanzar de forma remota. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-239749. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2023/CVE-2023-49xx/CVE-2023-4974.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4974",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T03:15:09.393",
"lastModified": "2023-09-15T03:15:09.393",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Academy LMS 6.2. Ha sido calificado como cr\u00edtico. Una funcionalidad desconocida del archivo /academy/tutor/filter del componente GET Parameter Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento precio_min/precio_max conduce a la inyecci\u00f3n SQL. El ataque puede lanzarse de forma remota. VDB-239750 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

4
CVE-2023/CVE-2023-49xx/CVE-2023-4977.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4977",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.057",
"lastModified": "2023-09-15T01:15:08.057",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-49xx/CVE-2023-4978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4978",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.263",
"lastModified": "2023-09-15T01:15:08.263",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-49xx/CVE-2023-4979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4979",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.460",
"lastModified": "2023-09-15T01:15:08.460",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-49xx/CVE-2023-4980.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4980",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.623",
"lastModified": "2023-09-15T01:15:08.623",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0."
},
{
"lang": "es",
"value": " Cross-site Scripting (XSS): gen\u00e9rico en librenms/librenms del repositorio de GitHub anteriores a 23.9.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-49xx/CVE-2023-4981.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4981",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.810",
"lastModified": "2023-09-15T01:15:08.810",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-49xx/CVE-2023-4982.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4982",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-15T01:15:08.987",
"lastModified": "2023-09-15T01:15:08.987",
"vulnStatus": "Received",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): almacenado en el repositorio de GitHub librenms/librenms anterior a 23.9.0."
}
],
"metrics": {

37
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-15T12:00:24.977451+00:00
2023-09-15T14:00:26.479545+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-15T11:42:43.053000+00:00
2023-09-15T13:59:27.020000+00:00
```
### Last Data Feed Release
@ -34,18 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `0`
* [CVE-2023-4959](CVE-2023/CVE-2023-49xx/CVE-2023-4959.json) (`2023-09-15T10:15:07.697`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `55`
* [CVE-2016-5180](CVE-2016/CVE-2016-51xx/CVE-2016-5180.json) (`2023-09-15T11:42:43.053`)
* [CVE-2017-1000381](CVE-2017/CVE-2017-10003xx/CVE-2017-1000381.json) (`2023-09-15T11:42:43.053`)
* [CVE-2020-14354](CVE-2020/CVE-2020-143xx/CVE-2020-14354.json) (`2023-09-15T11:42:43.053`)
* [CVE-2023-4831](CVE-2023/CVE-2023-48xx/CVE-2023-4831.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4661](CVE-2023/CVE-2023-46xx/CVE-2023-4661.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4662](CVE-2023/CVE-2023-46xx/CVE-2023-4662.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4663](CVE-2023/CVE-2023-46xx/CVE-2023-4663.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4664](CVE-2023/CVE-2023-46xx/CVE-2023-4664.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4665](CVE-2023/CVE-2023-46xx/CVE-2023-4665.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4833](CVE-2023/CVE-2023-48xx/CVE-2023-4833.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4835](CVE-2023/CVE-2023-48xx/CVE-2023-4835.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-4959](CVE-2023/CVE-2023-49xx/CVE-2023-4959.json) (`2023-09-15T12:51:51.373`)
* [CVE-2023-39073](CVE-2023/CVE-2023-390xx/CVE-2023-39073.json) (`2023-09-15T12:54:18.037`)
* [CVE-2023-41423](CVE-2023/CVE-2023-414xx/CVE-2023-41423.json) (`2023-09-15T13:06:25.403`)
* [CVE-2023-38214](CVE-2023/CVE-2023-382xx/CVE-2023-38214.json) (`2023-09-15T13:21:43.803`)
* [CVE-2023-29183](CVE-2023/CVE-2023-291xx/CVE-2023-29183.json) (`2023-09-15T13:23:51.840`)
* [CVE-2023-25608](CVE-2023/CVE-2023-256xx/CVE-2023-25608.json) (`2023-09-15T13:24:09.093`)
* [CVE-2023-40617](CVE-2023/CVE-2023-406xx/CVE-2023-40617.json) (`2023-09-15T13:24:36.010`)
* [CVE-2023-23845](CVE-2023/CVE-2023-238xx/CVE-2023-23845.json) (`2023-09-15T13:24:58.180`)
* [CVE-2023-23840](CVE-2023/CVE-2023-238xx/CVE-2023-23840.json) (`2023-09-15T13:25:01.493`)
* [CVE-2023-41081](CVE-2023/CVE-2023-410xx/CVE-2023-41081.json) (`2023-09-15T13:26:15.493`)
* [CVE-2023-4928](CVE-2023/CVE-2023-49xx/CVE-2023-4928.json) (`2023-09-15T13:29:36.227`)
* [CVE-2023-36551](CVE-2023/CVE-2023-365xx/CVE-2023-36551.json) (`2023-09-15T13:32:18.030`)
* [CVE-2023-26369](CVE-2023/CVE-2023-263xx/CVE-2023-26369.json) (`2023-09-15T13:44:03.120`)
* [CVE-2023-36634](CVE-2023/CVE-2023-366xx/CVE-2023-36634.json) (`2023-09-15T13:46:11.440`)
* [CVE-2023-21522](CVE-2023/CVE-2023-215xx/CVE-2023-21522.json) (`2023-09-15T13:48:27.413`)
* [CVE-2023-21520](CVE-2023/CVE-2023-215xx/CVE-2023-21520.json) (`2023-09-15T13:55:11.590`)
* [CVE-2023-38229](CVE-2023/CVE-2023-382xx/CVE-2023-38229.json) (`2023-09-15T13:59:27.020`)
## Download and Usage