Auto-Update: 2023-09-22T16:00:25.271214+00:00

cad-safe-bot 2023-09-22 16:00:28 +00:00
parent 60851ce6b6
commit 9e05b29eab
39 changed files with 2327 additions and 138 deletions


@ -0,0 +1,47 @@
{
"id": "CVE-2022-3874",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-22T14:15:44.943",
"lastModified": "2023-09-22T14:15:44.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3874",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2022-4039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-22T15:15:09.847",
"lastModified": "2023-09-22T15:15:09.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4039",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416",
"source": "secalert@redhat.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2022-47553",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:18.183",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:18:13.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Autorizaci\u00f3n incorrecta en ekorCCP y ekorRCI, que podr\u00eda permitir a un atacante remoto obtener recursos con informaci\u00f3n sensible para la organizaci\u00f3n, sin estar autenticado dentro del servidor web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2022-47555",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:20.057",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:16:09.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Inyecci\u00f3n de comandos del sistema operativo en ekorCCP y ekorRCI, que podr\u00eda permitir a un atacante autenticado ejecutar comandos, crear nuevos usuarios con privilegios elevados o configurar una puerta trasera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2022-47556",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:20.480",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:15:12.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Consumo descontrolado de recursos en ekorRCI, permitiendo a un atacante con acceso con pocos privilegios al servidor web enviar de forma continua solicitudes web leg\u00edtimas a una funcionalidad no correctamente validada, con el fin de provocar una denegaci\u00f3n de servicio (DoS). ) en el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}
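Review bot: The added `configurations` block marks `cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*` as `"vulnerable": true`, but the English description of this record names only ekorRCI as affected by the resource-consumption flaw. Asset matching driven by the CPE list will therefore flag ekorCCP devices for a DoS issue the text does not attribute to them. The block looks identical to the one in the sibling CVE-2022-47553, -47555, -47557 and -47558 records, so it may have been carried over; it is worth confirming against the INCIBE advisory before relying on it for inventory correlation.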


@ -2,16 +2,40 @@
"id": "CVE-2022-47557",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:20.843",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:14:25.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Vulnerabilidad en ekorCCP y ekorRCI que podr\u00eda permitir a un atacante con acceso a la red donde se encuentra el dispositivo descifrar las credenciales de usuarios privilegiados, y posteriormente acceder al sistema para realizar acciones maliciosas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-916"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}
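Review bot: The Primary metric added for nvd@nist.gov scores this record with `"attackVector": "LOCAL"` (`AV:L`, base 6.1), while the description says the attacker needs only "access to the network where the device is located". The two do not obviously agree, and a triage rule keyed on the Primary base score will rank this credential-decryption issue lower than a network-reachable reading would. The Secondary metric from cve-coordination@incibe.es lies outside the visible hunk lines; comparing the two vectors before using the score for prioritisation would be prudent.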


@ -2,16 +2,40 @@
"id": "CVE-2022-47558",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:21.193",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:10:13.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Los dispositivos ekorCCP y ekorRCI son vulnerables debido al acceso al servicio FTP mediante credenciales predeterminadas. La explotaci\u00f3n de esta vulnerabilidad puede permitir a un atacante modificar archivos cr\u00edticos que podr\u00edan permitir la creaci\u00f3n de nuevos usuarios, eliminar o modificar usuarios existentes, modificar archivos de configuraci\u00f3n, instalar rootkits o puertas traseras."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2023-23766",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-09-22T15:15:10.557",
"lastModified": "2023-09-22T15:15:10.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "product-cna@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"references": [
{
"url": "https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8",
"source": "product-cna@github.com"
},
{
"url": "https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3",
"source": "product-cna@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25526",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:52.497",
"lastModified": "2023-09-20T10:49:21.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:27:20.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5480",
"source": "psirt@nvidia.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:cumulus_linux:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.0",
"matchCriteriaId": "DE70573E-95A3-4516-8DAB-4E36109A9FEF"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5480",
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26144",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-20T05:15:39.923",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:05:10.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -38,26 +58,87 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"source": "report@snyk.io"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://github.com/graphql/graphql-js/issues/3955",
"source": "report@snyk.io"
},
{
"url": "https://github.com/graphql/graphql-js/pull/3972",
"source": "report@snyk.io"
},
{
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"source": "report@snyk.io"
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graphql:graphql:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.8.1",
"matchCriteriaId": "F350F09D-E2EC-454B-AE86-D1685AFDD9D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graphql:graphql:17.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "37819AB7-A406-4FC1-BB34-C949848AF13E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graphql:graphql:17.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "17EC77C2-6B00-4742-A98E-08874B982117"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226",
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/graphql/graphql-js/issues/3955",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/graphql/graphql-js/pull/3972",
"source": "report@snyk.io",
"tags": [
"Product"
]
},
{
"url": "https://github.com/graphql/graphql-js/releases/tag/v16.8.1",
"source": "report@snyk.io",
"tags": [
"Release Notes"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32184",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-09-19T10:15:12.497",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:23:52.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "meissner@suse.de",
"type": "Secondary",
@ -50,10 +70,35 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184",
"source": "meissner@suse.de"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensuse:welcome:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.1.0",
"versionEndExcluding": "0.1.9\\+git.35.4b9444a",
"matchCriteriaId": "A0D586DA-8DC3-4D22-9582-5C9C8F5EB43E"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184",
"source": "meissner@suse.de",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}
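Review bot: `"versionEndExcluding": "0.1.9\\+git.35.4b9444a"` decodes to a string with a literal backslash before `+`, so CPE-style quoting has ended up inside a version-bound field. A version comparator given this value as-is is likely to reject it or mis-order it against installed package versions, which would produce a false negative for the `opensuse:welcome` range. Consumers should unescape the bound before comparing, and the record is worth a check that the intended bound is `0.1.9+git.35.4b9444a`.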


@ -0,0 +1,20 @@
{
"id": "CVE-2023-34319",
"sourceIdentifier": "security@xen.org",
"published": "2023-09-22T14:15:45.627",
"lastModified": "2023-09-22T14:15:45.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The fix for XSA-423 added logic to Linux'es netback driver to deal with\na frontend splitting a packet in a way such that not all of the headers\nwould come in one piece. Unfortunately the logic introduced there\ndidn't account for the extreme case of the entire packet being split\ninto as many pieces as permitted by the protocol, yet still being\nsmaller than the area that's specially dealt with to keep all (possible)\nheaders together. Such an unusual packet would therefore trigger a\nbuffer overrun in the driver.\n"
}
],
"metrics": {},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
"source": "security@xen.org"
}
]
}
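Review bot: This new record ships with `"metrics": {}` and no `weaknesses` array, although the description reports a buffer overrun in the Linux netback driver. A consumer that maps a missing base score to 0 or filters on `baseSeverity` will silently drop it. Such pipelines should treat an empty `metrics` object as unscored and route the record for manual triage while `vulnStatus` is `Received`. The description value also carries hard line breaks (`\n`) from the advisory text, so display and search code should normalise whitespace.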


@ -2,16 +2,40 @@
"id": "CVE-2023-38255",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-18T21:15:53.000",
"lastModified": "2023-09-19T03:37:34.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:32:10.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Un atacante potencial con o sin acceso (robo de cookies) al dispositivo podr\u00eda incluir c\u00f3digo malicioso (XSS) al cargar una nueva configuraci\u00f3n del dispositivo que podr\u00eda afectar la funci\u00f3n prevista del dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +70,43 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03",
"source": "ics-cert@hq.dhs.gov"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-41048",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.667",
"lastModified": "2023-09-21T16:08:49.637",
"lastModified": "2023-09-22T15:15:11.000",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -55,6 +55,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/plone/Products.PloneHotfix20210518",
"source": "security-advisories@github.com"


@ -2,8 +2,12 @@
"id": "CVE-2023-41179",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-09-19T14:15:21.343",
"lastModified": "2023-09-21T13:15:09.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:08:32.273",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-21",
"cisaActionDue": "2023-10-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability",
"descriptions": [
{
"lang": "en",
@ -14,19 +18,107 @@
"value": "Una vulnerabilidad en el m\u00f3dulo de desinstalaci\u00f3n AV de terceros contenido en Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security y Worry-Free Business Security Services podr\u00eda permitir a un atacante manipular el m\u00f3dulo para ejecutar comandos arbitrarios afectando la instalaci\u00f3n. Tenga en cuenta que un atacante primero debe obtener acceso a la consola administrativa en el sistema de destino para poder aprovechar esta vulnerabilidad."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://jvn.jp/en/vu/JVNVU90967486/",
"source": "security@trendmicro.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
{
"url": "https://success.trendmicro.com/jp/solution/000294706",
"source": "security@trendmicro.com"
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://success.trendmicro.com/solution/000294994",
"source": "security@trendmicro.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*",
"matchCriteriaId": "8FA15535-6AC8-4062-BE7B-CD545B7516E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FFCE8717-85D2-4F4F-91DF-C6DA341C4E19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*",
"matchCriteriaId": "25F873F7-FC62-4234-99EE-E3BDEBB36C2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU90967486/",
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://success.trendmicro.com/jp/solution/000294706",
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://success.trendmicro.com/solution/000294994",
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41387",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T09:15:07.860",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:41:50.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Una inyecci\u00f3n SQL en el componente flutter_downloader versi\u00f3n 1.11.1 para iOS permite a los atacantes remotos robar tokens de sesi\u00f3n y sobrescribir archivos arbitrarios dentro del contenedor de la aplicaci\u00f3n. La base de datos interna del framework se expone al usuario local si una aplicaci\u00f3n usa las propiedades UIFileSharingEnabled y LSSupportsOpeningDocumentsInPlace. Como resultado, los usuarios locales pueden obtener las mismas primitivas de ataque que los atacantes remotos manipulando la base de datos interna del framework en el dispositivo. "
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://pub.dev/packages/flutter_downloader/changelog",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"url": "https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:patreon:flutter_downloader:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.2",
"matchCriteriaId": "437F55B1-CFAF-4F5E-8BD8-D70FA0CEB465"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"
}
]
}
]
}
],
"references": [
{
"url": "https://pub.dev/packages/flutter_downloader/changelog",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41890",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T15:15:52.863",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T15:06:53.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,18 +74,54 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/Sustainsys/Saml2/issues/712",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.3",
"matchCriteriaId": "B7F5976D-E597-4453-BC51-94F0EC54452B"
},
{
"url": "https://github.com/Sustainsys/Saml2/issues/713",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.9.2",
"matchCriteriaId": "D5B2D148-2306-49D9-AE0B-EAF6D4B70EE0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Sustainsys/Saml2/issues/712",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/Sustainsys/Saml2/issues/713",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
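Review bot: The two `cpeMatch` entries added under `configurations` use `cpe:2.3:a:simplesamlphp:saml2`, while all three references in this record point to github.com/Sustainsys/Saml2, so the product identifier and the advisory sources do not appear to name the same project. The version bounds (`versionEndExcluding` 1.0.3, and 2.0.0 up to 2.9.2) are presumably those of the Sustainsys library; that should be confirmed against the GHSA-fv2h-753j-9g39 advisory. Scanners that match on CPE alone may flag the simplesamlphp package and miss Sustainsys.Saml2 deployments, so consumers of this file should also match this CVE on the advisory's package name until the record is corrected. The mismatch comes from the upstream record and is better reported there than patched in this mirror.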


@ -2,16 +2,40 @@
"id": "CVE-2023-41965",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-18T20:15:10.120",
"lastModified": "2023-09-19T03:37:34.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:32:28.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\nSending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** El env\u00edo de algunas solicitudes en la aplicaci\u00f3n web del dispositivo vulnerable permite obtener informaci\u00f3n debido a la falta de seguridad en el proceso de autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,55 @@
"value": "CWE-922"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03",
"source": "ics-cert@hq.dhs.gov"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42443",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-18T21:16:13.403",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:30:04.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.\n\nEach builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.\n\nAs of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin."
},
{
"lang": "es",
"value": "Vyper es un Lenguaje de Contrato Inteligente Pit\u00f3nico para la M\u00e1quina Virtual Ethereum (EVM). En la versi\u00f3n 0.3.9 y anteriores, bajo ciertas condiciones, la memoria utilizada por las funciones integradas `raw_call`, `create_from_blueprint` y `create_copy_of` puede estar da\u00f1ada. Para `raw_call`, el b\u00fafer de argumentos de la llamada puede estar da\u00f1ado, lo que genera `calldata` incorrectos en el subcontexto. Para `create_from_blueprint` y `create_copy_of`, el b\u00fafer para el c\u00f3digo de bytes que se va a implementar puede estar da\u00f1ado, lo que lleva a implementar un c\u00f3digo de bytes incorrecto. Cada elemento incorporado tiene condiciones que deben cumplirse para que se produzca la corrupci\u00f3n. Para `raw_call`, el argumento `data` del incorporado debe ser `msg.data` y el `valor` o `gas` pasado al incorporado debe ser alguna expresi\u00f3n compleja que d\u00e9 como resultado la escritura en la memoria. Para `create_copy_of`, el `valor` o `salt` pasado al incorporado debe ser alguna expresi\u00f3n compleja que d\u00e9 como resultado la escritura en la memoria. Para `create_from_blueprint`, no se deben pasar par\u00e1metros de constructor al incorporado o `raw_args` debe establecerse en True, y el `valor` o `salt` pasado al incorporado debe ser alguna expresi\u00f3n compleja que d\u00e9 como resultado la escritura en la memoria . Al momento de la publicaci\u00f3n, no existe ninguna versi\u00f3n parcheada. El problema a\u00fan se est\u00e1 investigando y es posible que haya otros casos en los que se produzca corrupci\u00f3n. Cuando se llama a la funci\u00f3n incorporada desde una funci\u00f3n \"interna\" \"F\", el problema no est\u00e1 presente siempre que la funci\u00f3n que llama a \"F\" haya escrito en la memoria antes de llamar a \"F\". Como workaround, las expresiones complejas que se pasan como kwargs al incorporado deben almacenarse en cach\u00e9 en la memoria antes de la llamada al incorporado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,41 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/vyperlang/vyper/issues/3609",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*",
"versionEndExcluding": "0.3.10",
"matchCriteriaId": "34B59539-E37F-462A-BB24-D952D027FAC5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/issues/3609",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42446",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-18T22:15:47.247",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:21:40.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated."
},
{
"lang": "es",
"value": "Pow es una soluci\u00f3n de autenticaci\u00f3n y gesti\u00f3n de usuarios para aplicaciones basadas en Phoenix y Plug. A partir de la versi\u00f3n 1.0.14 y anteriores a la versi\u00f3n 1.0.34, el uso de `Pow.Store.Backend.MnesiaCache` es susceptible de secuestro de sesi\u00f3n ya que las claves caducadas no se invalidan correctamente al inicio. Una sesi\u00f3n puede caducar cuando todas las instancias de `Pow.Store.Backend.MnesiaCache` se han cerrado durante un per\u00edodo superior al TTL restante de una sesi\u00f3n. La versi\u00f3n 1.0.34 contiene un parche para este problema. Como workaround, las claves caducadas, incluidas todas las sesiones caducadas, se pueden invalidar manualmente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-672"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,40 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/pow-auth/pow/issues/713",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/pow-auth/pow/security/advisories/GHSA-3cjh-p6pw-jhv9",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:powauth:pow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.14",
"versionEndExcluding": "1.0.34",
"matchCriteriaId": "0C454727-43EF-432A-BBE4-528F776FB9BA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pow-auth/pow/issues/713",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/pow-auth/pow/security/advisories/GHSA-3cjh-p6pw-jhv9",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42457",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.943",
"lastModified": "2023-09-21T16:08:49.637",
"lastModified": "2023-09-22T15:15:11.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -55,6 +55,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7",
"source": "security-advisories@github.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-42458",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:22.483",
"lastModified": "2023-09-22T01:25:45.750",
"lastModified": "2023-09-22T15:15:12.590",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -55,6 +55,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088",
"source": "security-advisories@github.com"


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T15:15:12.827",
"lastModified": "2023-09-22T15:15:12.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the \"id\" parameter in delete.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43196",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.437",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:03:04.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DI-7200GV2.E1 v21.04.09E1 conten\u00eda un desbordamiento de memoria a trav\u00e9s del par\u00e1metro zn_jb en la funci\u00f3n arp_sys.asp."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:21.04.09e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE749C-23D7-4A64-A8FD-D6230A47062F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7200g:2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3B08E-540D-4A5A-89B3-1BF4DDC3F72D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43197",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.497",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:02:34.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el dispositivo D-Link DI-7200GV2.E1 v21.04.09E1 conten\u00eda un desbordamiento de memoria a trav\u00e9s del par\u00e1metro fn en la funci\u00f3n tgfile.asp."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:21.04.09e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE749C-23D7-4A64-A8FD-D6230A47062F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7200g:2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3B08E-540D-4A5A-89B3-1BF4DDC3F72D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.710",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:02:21.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el dispositivo D-Link DI-7200GV2.E1 v21.04.09E1 conten\u00eda un desbordamiento de memoria a trav\u00e9s del par\u00e1metro popupId en la funci\u00f3n H5/hi_block.asp."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:21.04.09e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE749C-23D7-4A64-A8FD-D6230A47062F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7200g:2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3B08E-540D-4A5A-89B3-1BF4DDC3F72D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.893",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:02:05.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el dispositivo D-Link DI-7200GV2.E1 v21.04.09E1 conten\u00eda un desbordamiento de memoria a trav\u00e9s del par\u00e1metro prev en la funci\u00f3n H5/login.cgi."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:21.04.09e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE749C-23D7-4A64-A8FD-D6230A47062F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7200g:2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3B08E-540D-4A5A-89B3-1BF4DDC3F72D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43200",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.007",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:01:51.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el dispositivo D-Link DI-7200GV2.E1 v21.04.09E1 conten\u00eda un desbordamiento de memoria a trav\u00e9s del par\u00e1metro id en la funci\u00f3n yyxz.data."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:21.04.09e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE749C-23D7-4A64-A8FD-D6230A47062F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7200g:2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3B08E-540D-4A5A-89B3-1BF4DDC3F72D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,98 @@
"id": "CVE-2023-43201",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.173",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T14:01:39.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"lang": "es",
"value": "Se descubri\u00f3 que el dispositivo D-Link DI-7200GV2.E1 v21.04.09E1 conten\u00eda un desbordamiento de memoria a trav\u00e9s del par\u00e1metro hi_up en la funci\u00f3n qos_ext.asp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:21.04.09e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE749C-23D7-4A64-A8FD-D6230A47062F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7200g:2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3B08E-540D-4A5A-89B3-1BF4DDC3F72D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43202",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.340",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T14:01:27.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n pcap_download_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro update.device.packet-capture.tftp-file-name."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCC72B6-B496-4D56-A9B0-7150453D6987"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A57933-958E-470D-8AB1-A1E27A1008AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43203",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.513",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T14:01:17.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de Desbordamiento del B\u00fafer en la funci\u00f3n update_users."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCC72B6-B496-4D56-A9B0-7150453D6987"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A57933-958E-470D-8AB1-A1E27A1008AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43204",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.643",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T14:03:57.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n sub_2EF50. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro manual-time-string."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCC72B6-B496-4D56-A9B0-7150453D6987"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A57933-958E-470D-8AB1-A1E27A1008AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43206",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.793",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T14:03:46.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n web_cert_download_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro certDownload."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCC72B6-B496-4D56-A9B0-7150453D6987"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A57933-958E-470D-8AB1-A1E27A1008AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,91 @@
"id": "CVE-2023-43207",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.963",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T14:03:39.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n config_upload_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro configRestore."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCC72B6-B496-4D56-A9B0-7150453D6987"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A57933-958E-470D-8AB1-A1E27A1008AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43770",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T06:15:10.090",
"lastModified": "2023-09-22T13:24:08.480",
"lastModified": "2023-09-22T14:15:46.093",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b",
"source": "cve@mitre.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html",
"source": "cve@mitre.org"
},
{
"url": "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-4863",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T15:15:24.327",
"lastModified": "2023-09-22T09:15:09.497",
"lastModified": "2023-09-22T15:15:14.060",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",
@ -205,6 +205,18 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/1",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/3",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/4",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/5",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
"source": "chrome-cve-admin@google.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-4951",
"sourceIdentifier": "info@greenrocketsecurity.com",
"published": "2023-09-14T17:15:11.927",
"lastModified": "2023-09-19T13:25:40.600",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-22T15:15:14.253",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,14 +41,14 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW"

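--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5002.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5002.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2023-5002",
+"sourceIdentifier": "patrick@puiterwijk.org",
+"published": "2023-09-22T14:15:47.213",
+"lastModified": "2023-09-22T14:15:47.213",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "patrick@puiterwijk.org",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.0,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.5,
+"impactScore": 5.5
+}
+]
+},
+"references": [
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239164",
+"source": "patrick@puiterwijk.org"
+},
+{
+"url": "https://github.com/pgadmin-org/pgadmin4/issues/6763",
+"source": "patrick@puiterwijk.org"
+}
+]
+}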


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-22T14:00:26.997357+00:00
2023-09-22T16:00:25.271214+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-22T13:50:25.283000+00:00
2023-09-22T15:23:52.010000+00:00
```
### Last Data Feed Release
@ -29,37 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226044
226050
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `6`
* [CVE-2022-3874](CVE-2022/CVE-2022-38xx/CVE-2022-3874.json) (`2023-09-22T14:15:44.943`)
* [CVE-2022-4039](CVE-2022/CVE-2022-40xx/CVE-2022-4039.json) (`2023-09-22T15:15:09.847`)
* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-22T14:15:45.627`)
* [CVE-2023-5002](CVE-2023/CVE-2023-50xx/CVE-2023-5002.json) (`2023-09-22T14:15:47.213`)
* [CVE-2023-23766](CVE-2023/CVE-2023-237xx/CVE-2023-23766.json) (`2023-09-22T15:15:10.557`)
* [CVE-2023-43144](CVE-2023/CVE-2023-431xx/CVE-2023-43144.json) (`2023-09-22T15:15:12.827`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `32`
* [CVE-2022-3563](CVE-2022/CVE-2022-35xx/CVE-2022-3563.json) (`2023-09-22T13:50:12.900`)
* [CVE-2022-3637](CVE-2022/CVE-2022-36xx/CVE-2022-3637.json) (`2023-09-22T13:50:25.283`)
* [CVE-2023-39043](CVE-2023/CVE-2023-390xx/CVE-2023-39043.json) (`2023-09-22T13:22:19.643`)
* [CVE-2023-23362](CVE-2023/CVE-2023-233xx/CVE-2023-23362.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-23363](CVE-2023/CVE-2023-233xx/CVE-2023-23363.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-23364](CVE-2023/CVE-2023-233xx/CVE-2023-23364.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-43090](CVE-2023/CVE-2023-430xx/CVE-2023-43090.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-43771](CVE-2023/CVE-2023-437xx/CVE-2023-43771.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-43782](CVE-2023/CVE-2023-437xx/CVE-2023-43782.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-43783](CVE-2023/CVE-2023-437xx/CVE-2023-43783.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-43784](CVE-2023/CVE-2023-437xx/CVE-2023-43784.json) (`2023-09-22T13:24:08.480`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-09-22T13:44:01.787`)
* [CVE-2023-25525](CVE-2023/CVE-2023-255xx/CVE-2023-25525.json) (`2023-09-22T13:46:24.437`)
* [CVE-2023-4291](CVE-2023/CVE-2023-42xx/CVE-2023-4291.json) (`2023-09-22T13:47:31.797`)
* [CVE-2023-4292](CVE-2023/CVE-2023-42xx/CVE-2023-4292.json) (`2023-09-22T13:48:01.647`)
* [CVE-2023-5104](CVE-2023/CVE-2023-51xx/CVE-2023-5104.json) (`2023-09-22T13:48:21.577`)
* [CVE-2023-4753](CVE-2023/CVE-2023-47xx/CVE-2023-4753.json) (`2023-09-22T13:50:21.603`)
* [CVE-2023-43201](CVE-2023/CVE-2023-432xx/CVE-2023-43201.json) (`2023-09-22T14:01:39.377`)
* [CVE-2023-43200](CVE-2023/CVE-2023-432xx/CVE-2023-43200.json) (`2023-09-22T14:01:51.467`)
* [CVE-2023-43199](CVE-2023/CVE-2023-431xx/CVE-2023-43199.json) (`2023-09-22T14:02:05.137`)
* [CVE-2023-43198](CVE-2023/CVE-2023-431xx/CVE-2023-43198.json) (`2023-09-22T14:02:21.840`)
* [CVE-2023-43197](CVE-2023/CVE-2023-431xx/CVE-2023-43197.json) (`2023-09-22T14:02:34.260`)
* [CVE-2023-43196](CVE-2023/CVE-2023-431xx/CVE-2023-43196.json) (`2023-09-22T14:03:04.087`)
* [CVE-2023-43207](CVE-2023/CVE-2023-432xx/CVE-2023-43207.json) (`2023-09-22T14:03:39.580`)
* [CVE-2023-43206](CVE-2023/CVE-2023-432xx/CVE-2023-43206.json) (`2023-09-22T14:03:46.960`)
* [CVE-2023-43204](CVE-2023/CVE-2023-432xx/CVE-2023-43204.json) (`2023-09-22T14:03:57.567`)
* [CVE-2023-26144](CVE-2023/CVE-2023-261xx/CVE-2023-26144.json) (`2023-09-22T14:05:10.610`)
* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2023-09-22T14:15:46.093`)
* [CVE-2023-42446](CVE-2023/CVE-2023-424xx/CVE-2023-42446.json) (`2023-09-22T14:21:40.147`)
* [CVE-2023-25526](CVE-2023/CVE-2023-255xx/CVE-2023-25526.json) (`2023-09-22T14:27:20.893`)
* [CVE-2023-42443](CVE-2023/CVE-2023-424xx/CVE-2023-42443.json) (`2023-09-22T14:30:04.887`)
* [CVE-2023-38255](CVE-2023/CVE-2023-382xx/CVE-2023-38255.json) (`2023-09-22T14:32:10.853`)
* [CVE-2023-41965](CVE-2023/CVE-2023-419xx/CVE-2023-41965.json) (`2023-09-22T14:32:28.460`)
* [CVE-2023-41387](CVE-2023/CVE-2023-413xx/CVE-2023-41387.json) (`2023-09-22T14:41:50.660`)
* [CVE-2023-41890](CVE-2023/CVE-2023-418xx/CVE-2023-41890.json) (`2023-09-22T15:06:53.240`)
* [CVE-2023-41179](CVE-2023/CVE-2023-411xx/CVE-2023-41179.json) (`2023-09-22T15:08:32.273`)
* [CVE-2023-41048](CVE-2023/CVE-2023-410xx/CVE-2023-41048.json) (`2023-09-22T15:15:11.000`)
* [CVE-2023-42457](CVE-2023/CVE-2023-424xx/CVE-2023-42457.json) (`2023-09-22T15:15:11.723`)
* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-22T15:15:12.590`)
* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-22T15:15:14.060`)
* [CVE-2023-4951](CVE-2023/CVE-2023-49xx/CVE-2023-4951.json) (`2023-09-22T15:15:14.253`)
* [CVE-2023-32184](CVE-2023/CVE-2023-321xx/CVE-2023-32184.json) (`2023-09-22T15:23:52.010`)
## Download and Usage