admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-06T21:00:24.562759+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-06 21:00:28 +00:00
parent 744a570d86
commit acd534a240
54 changed files with 8529 additions and 214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023/CVE-2023-06xx/CVE-2023-0686.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0686",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T20:15:14.367",
"lastModified": "2023-11-07T04:01:13.040",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T20:22:59.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,8 +81,8 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"type": "Primary",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",

64
CVE-2023/CVE-2023-24xx/CVE-2023-2439.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2439",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-31T03:15:07.973",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:03:34.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.6",
"matchCriteriaId": "5E193ACD-B994-430D-B61D-94B63CC92ECB"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21cb424c-4efd-4c12-a08a-6d574f118c28?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-315xx/CVE-2023-31505.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31505",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T03:15:08.160",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:06:30.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en Schlix CMS v2.2.8-1 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un archivo .phtml manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schlix:cms:2.2.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD764599-E245-4AC9-A9EE-004CB7BA676C"
}
]
}
]
}
],
"references": [
{
"url": "https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31505",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

125
CVE-2023/CVE-2023-393xx/CVE-2023-39302.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39302",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:47.120",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:54:10.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-33",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

125
CVE-2023/CVE-2023-393xx/CVE-2023-39303.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39303",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:47.323",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:57:03.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de autenticaci\u00f3n incorrecta afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios comprometer la seguridad del sistema a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-33",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

125
CVE-2023/CVE-2023-412xx/CVE-2023-41273.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41273",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:47.527",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:53:21.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +84,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41274.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41274",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:47.730",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:57:39.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de desreferencia de puntero NULL afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41275.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41275",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:47.923",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:53:40.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41276.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41276",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:48.143",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:33:15.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41277.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41277",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:48.337",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:38:17.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41278.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41278",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:48.527",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:38:30.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41279.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41279",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:48.730",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:10:17.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-412xx/CVE-2023-41280.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41280",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:48.940",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:10:07.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*",
"matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*",
"matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-38",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

147
CVE-2023/CVE-2023-412xx/CVE-2023-41281.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41281",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:49.137",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:09:50.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +84,115 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:*:*:*:*:*:*:*",
"matchCriteriaId": "F860CFD5-3B84-46F2-8596-9CF3D3305DB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:-:*:*:*:*:*:*",
"matchCriteriaId": "4A2A0A37-D0A4-4801-BED4-D367188EFF00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-53",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

155
CVE-2023/CVE-2023-412xx/CVE-2023-41282.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41282",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:49.327",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:09:20.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +84,125 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*",
"matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*",
"matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-53",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

135
CVE-2023/CVE-2023-412xx/CVE-2023-41283.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41283",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:49.523",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:08:43.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +74,115 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:-:*:*:*:*:*:*",
"matchCriteriaId": "632DA602-2920-4418-B6E3-1AA9EA671FD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:-:*:*:*:*:*:*",
"matchCriteriaId": "4A2A0A37-D0A4-4801-BED4-D367188EFF00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-53",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

135
CVE-2023/CVE-2023-412xx/CVE-2023-41292.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41292",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:49.713",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:05:45.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,115 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:-:*:*:*:*:*:*",
"matchCriteriaId": "632DA602-2920-4418-B6E3-1AA9EA671FD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:-:*:*:*:*:*:*",
"matchCriteriaId": "4A2A0A37-D0A4-4801-BED4-D367188EFF00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-46",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-437xx/CVE-2023-43756.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43756",
"sourceIdentifier": "scy@openharmony.io",
"published": "2024-02-02T07:15:08.890",
"lastModified": "2024-02-02T13:36:31.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:58:28.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "86CDAE84-BD14-434C-8CAC-1262E5E4B7CE"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-450xx/CVE-2023-45026.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45026",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:50.110",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:04:57.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de path traversal afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,125 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*",
"matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*",
"matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-02",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-450xx/CVE-2023-45027.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45027",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:50.303",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:19:44.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de path traversal afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,125 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*",
"matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*",
"matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-02",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

157
CVE-2023/CVE-2023-450xx/CVE-2023-45028.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45028",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:50.500",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:19:17.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de consumo de recursos incontrolado afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +84,125 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*",
"matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*",
"matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-02",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

125
CVE-2023/CVE-2023-450xx/CVE-2023-45036.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45036",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:51.103",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:18:45.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-46",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

125
CVE-2023/CVE-2023-450xx/CVE-2023-45037.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45037",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:51.493",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:18:34.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-46",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-475xx/CVE-2023-47566.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47566",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:52.473",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:18:26.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,125 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*",
"matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*",
"matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-04",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

155
CVE-2023/CVE-2023-503xx/CVE-2023-50359.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50359",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-02T16:15:53.073",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:18:14.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de valor de retorno no verificada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados colocar el sistema en un estado que podr\u00eda provocar una falla u otros comportamientos no deseados a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +80,125 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*",
"matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*",
"matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*",
"matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*",
"matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-07",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-515xx/CVE-2023-51520.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51520",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T12:15:54.100",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:20:11.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before 9.7.4.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WPdevelop/Oplugins WP Booking Calendar permite XSS almacenado. Este problema afecta a WP Booking Calendar: desde n/a antes de 9.7.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpbookingcalendar:booking_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.7.4",
"matchCriteriaId": "67AD9C8A-BEB3-49B3-8B3F-E656F2563CD1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/booking/wordpress-booking-calendar-plugin-9-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52175.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52175",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:08.580",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:46:18.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin: from n/a through 5.1.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Michael Uno (miunosoft) Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin permite XSS almacenado. Este problema afecta Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin: desde n/ a hasta 5.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:michaeluno:auto_amazon_links:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.2",
"matchCriteriaId": "11A3D66D-D5C2-4DFB-9B31-5C938EA63DE7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/amazon-auto-links/wordpress-auto-amazon-links-amazon-associates-affiliate-plugin-5-0-5-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

26
CVE-2023/CVE-2023-66xx/CVE-2023-6676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6676",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-02T13:15:09.497",
"lastModified": "2024-02-02T13:36:23.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:51:50.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0080",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

16
CVE-2023/CVE-2023-69xx/CVE-2023-6909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6909",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-18T04:15:52.367",
"lastModified": "2023-12-20T04:07:34.867",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-06T20:16:01.753",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -43,20 +43,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
"impactScore": 3.6
}
]
},

16
CVE-2023/CVE-2023-69xx/CVE-2023-6915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6915",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T10:15:26.627",
"lastModified": "2024-02-06T15:15:08.610",
"vulnStatus": "Modified",
"lastModified": "2024-02-06T19:58:45.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{

12
CVE-2023/CVE-2023-69xx/CVE-2023-6975.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6975",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-20T06:15:45.553",
"lastModified": "2023-12-29T16:39:54.763",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-06T20:16:02.677",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -43,20 +43,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
"impactScore": 5.9
}
]
},

70
CVE-2023/CVE-2023-72xx/CVE-2023-7225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7225",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-30T08:15:40.090",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:12:27.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.88.16",
"matchCriteriaId": "BE254911-09FD-4E7D-BA0F-A0EDE608C52E"
}
]
}
]
}
],
"references": [
{
"url": "https://advisory.abay.sh/cve-2023-7225/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023266%40mappress-google-maps-for-wordpress%2Ftrunk&old=3022439%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fce76126-0cfd-464f-b644-45d4301e958d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2024/CVE-2024-10xx/CVE-2024-1048.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1048",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-06T18:15:59.250",
"lastModified": "2024-02-06T18:15:59.250",
"lastModified": "2024-02-06T19:15:09.083",
"vulnStatus": "Received",
"descriptions": [
{
@ -17,23 +17,35 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.5,
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/06/3",

70
CVE-2024/CVE-2024-10xx/CVE-2024-1069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1069",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-31T03:15:08.573",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:11:52.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:database_for_contact_form_7\\,_wpforms\\,_elementor_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "E570814A-D626-40C4-8F04-8E9953B0A622"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3028640/contact-form-entries#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-11xx/CVE-2024-1196.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T22:15:25.997",
"lastModified": "2024-02-03T00:07:59.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:57:49.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Testimonial Page Manager 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo add-testimonial.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento nombre/descripci\u00f3n/testimonio conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. VDB-252694 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +95,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:testimonial_page_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6031C8F3-826A-4CD4-A296-FEC8EC9E2883"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252694",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252694",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1254.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1254",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T19:15:09.747",
"lastModified": "2024-02-06T19:15:09.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252993",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252993",
"source": "cna@vuldb.com"
}
]
}

84
CVE-2024/CVE-2024-12xx/CVE-2024-1255.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2024-1255",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T19:15:10.270",
"lastModified": "2024-02-06T19:15:10.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252994",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252994",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1256.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1256",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T20:16:02.943",
"lastModified": "2024-02-06T20:16:02.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252995",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252995",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1257.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1257",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T20:16:03.213",
"lastModified": "2024-02-06T20:16:03.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252996",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252996",
"source": "cna@vuldb.com"
}
]
}

4188
CVE-2024/CVE-2024-202xx/CVE-2024-20263.json
View File

File diff suppressed because it is too large Load Diff

43
CVE-2024/CVE-2024-222xx/CVE-2024-22237.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22237",
"sourceIdentifier": "security@vmware.com",
"published": "2024-02-06T20:16:03.430",
"lastModified": "2024-02-06T20:16:03.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22238.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22238",
"sourceIdentifier": "security@vmware.com",
"published": "2024-02-06T20:16:03.590",
"lastModified": "2024-02-06T20:16:03.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aria Operations for Networks contains a cross site scripting vulnerability.\u00a0A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22239.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22239",
"sourceIdentifier": "security@vmware.com",
"published": "2024-02-06T20:16:03.750",
"lastModified": "2024-02-06T20:16:03.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22240.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22240",
"sourceIdentifier": "security@vmware.com",
"published": "2024-02-06T20:16:03.917",
"lastModified": "2024-02-06T20:16:03.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aria Operations for Networks contains a local file read vulnerability.\u00a0A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2024/CVE-2024-222xx/CVE-2024-22241.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22241",
"sourceIdentifier": "security@vmware.com",
"published": "2024-02-06T20:16:04.080",
"lastModified": "2024-02-06T20:16:04.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aria Operations for Networks contains a cross site scripting vulnerability.\u00a0A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. \u00a0 "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"source": "security@vmware.com"
}
]
}

80
CVE-2024/CVE-2024-223xx/CVE-2024-22319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22319",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T03:15:10.573",
"lastModified": "2024-02-06T01:15:09.500",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T19:52:31.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -41,7 +61,7 @@
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +70,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7112382",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

82
CVE-2024/CVE-2024-223xx/CVE-2024-22320.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22320",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-02T03:15:10.780",
"lastModified": "2024-02-02T04:58:55.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:54:23.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
},
{
"lang": "es",
"value": "IBM Operational Decision Manager versiones 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podr\u00edan permitir que un atacante remoto autenticado ejecute c\u00f3digo arbitrario en el sistema, causado por una deserializaci\u00f3n insegura. Al enviar una solicitud especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto de SYSTEM. ID de IBM X-Force: 279146."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7112382",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-237xx/CVE-2024-23745.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23745",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T02:15:54.520",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:42:12.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "En Notion Web Clipper 1.0.3(7), un archivo .nib es susceptible al ataque Dirty NIB. Los archivos NIB se pueden manipular para ejecutar comandos arbitrarios. Adem\u00e1s, incluso si un archivo NIB se modifica dentro de una aplicaci\u00f3n, Gatekeeper a\u00fan puede permitir la ejecuci\u00f3n de la aplicaci\u00f3n, permitiendo la ejecuci\u00f3n de comandos arbitrarios dentro del contexto de la aplicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:notion:web_clipper:1.0.3\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "576F54DE-EF87-494A-B7DF-8FCC28062CBD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/louiselalanne/CVE-2024-23745",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

112
CVE-2024/CVE-2024-239xx/CVE-2024-23940.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23940",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-29T19:15:08.887",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:19:33.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,119 @@
"value": "Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versi\u00f3n 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podr\u00eda permitir a un atacante hacerse pasar por una librer\u00eda y modificarla para ejecutar c\u00f3digo en el sistema y, en \u00faltima instancia, escalar privilegios en un sistema afectado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:air_support:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.2103",
"matchCriteriaId": "71C8D540-28F7-4DEC-8126-C51469277DB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.2103",
"matchCriteriaId": "1F1C4167-F289-4215-A96F-24303D201442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:internet_security:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.2103",
"matchCriteriaId": "B3A9AD3B-56F3-4D9E-841D-274E5B31AFD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:maximum_security:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.2103",
"matchCriteriaId": "1FD0AABD-3118-4B89-A9F6-61CEFAA1099B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:premium_security:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.2103",
"matchCriteriaId": "314702FF-25AD-44BE-B984-4E57FE5A02D6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-12134",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-241xx/CVE-2024-24160.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-24160",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T16:15:55.833",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:59:08.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do."
},
{
"lang": "es",
"value": "MRCMS 3.0 contiene una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /admin/system/saveinfo.do."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrcms:mrcms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC8B6F2A-C4B3-487F-B391-ECA5F1A2DDD9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/wy876/cve/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

56
CVE-2024/CVE-2024-245xx/CVE-2024-24556.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24556",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T18:15:48.507",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:24:46.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1"
},
{
"lang": "es",
"value": "urql es un cliente GraphQL que expone un conjunto de ayudas para varios marcos. El paquete `@urql/next` es vulnerable a XSS. Para explotar esto, un atacante deber\u00eda asegurarse de que la respuesta devuelva etiquetas \"html\" y que la aplicaci\u00f3n web utilice respuestas transmitidas (no RSC). Esta vulnerabilidad se debe a un escape inadecuado de caracteres tipo html en el flujo de respuesta. Para corregir esta vulnerabilidad, actualice a la versi\u00f3n 1.1.1"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nearform:urql:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "1.1.1",
"matchCriteriaId": "96B3F1EE-9B75-4E74-9768-96C0EEFE0080"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-245xx/CVE-2024-24558.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24558",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T20:15:45.690",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:35:24.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.\n"
},
{
"lang": "es",
"value": "TanStack Query proporciona administraci\u00f3n de estado asincr\u00f3nica, utilidades de estado de servidor y recuperaci\u00f3n de datos para la web. El paquete NPM `@tanstack/react-query-next-experimental` es afectado por una vulnerabilidad de cross site scripting. Para aprovechar esto, un atacante necesitar\u00eda inyectar entradas maliciosas o hacer arreglos para que se devuelvan entradas maliciosas desde un endpoint. Para solucionar este problema, actualice a la versi\u00f3n 5.18.0 o posterior."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tanstack:query:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.18.0",
"matchCriteriaId": "B5F96146-94D8-4FA0-9A21-80012DB0B2FB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-245xx/CVE-2024-24567.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24567",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T21:15:08.607",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:41:58.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*",
"versionEndIncluding": "0.3.10",
"matchCriteriaId": "832C489D-4288-46B4-A29E-0E7168748042"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

82
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-06T19:00:33.081430+00:00
2024-02-06T21:00:24.562759+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-06T18:56:43.787000+00:00
2024-02-06T20:59:08.493000+00:00
```
### Last Data Feed Release
@ -29,57 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237796
237805
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `9`
* [CVE-2023-36498](CVE-2023/CVE-2023-364xx/CVE-2023-36498.json) (`2024-02-06T17:15:08.527`)
* [CVE-2023-40545](CVE-2023/CVE-2023-405xx/CVE-2023-40545.json) (`2024-02-06T18:15:58.470`)
* [CVE-2023-42664](CVE-2023/CVE-2023-426xx/CVE-2023-42664.json) (`2024-02-06T17:15:08.770`)
* [CVE-2023-43482](CVE-2023/CVE-2023-434xx/CVE-2023-43482.json) (`2024-02-06T17:15:08.973`)
* [CVE-2023-46683](CVE-2023/CVE-2023-466xx/CVE-2023-46683.json) (`2024-02-06T17:15:09.180`)
* [CVE-2023-47167](CVE-2023/CVE-2023-471xx/CVE-2023-47167.json) (`2024-02-06T17:15:09.380`)
* [CVE-2023-47209](CVE-2023/CVE-2023-472xx/CVE-2023-47209.json) (`2024-02-06T17:15:09.593`)
* [CVE-2023-47617](CVE-2023/CVE-2023-476xx/CVE-2023-47617.json) (`2024-02-06T17:15:09.797`)
* [CVE-2023-47618](CVE-2023/CVE-2023-476xx/CVE-2023-47618.json) (`2024-02-06T17:15:10.013`)
* [CVE-2024-1252](CVE-2024/CVE-2024-12xx/CVE-2024-1252.json) (`2024-02-06T17:15:10.280`)
* [CVE-2024-1253](CVE-2024/CVE-2024-12xx/CVE-2024-1253.json) (`2024-02-06T17:15:10.507`)
* [CVE-2024-22331](CVE-2024/CVE-2024-223xx/CVE-2024-22331.json) (`2024-02-06T17:15:10.740`)
* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T18:15:59.250`)
* [CVE-2024-1254](CVE-2024/CVE-2024-12xx/CVE-2024-1254.json) (`2024-02-06T19:15:09.747`)
* [CVE-2024-1255](CVE-2024/CVE-2024-12xx/CVE-2024-1255.json) (`2024-02-06T19:15:10.270`)
* [CVE-2024-1256](CVE-2024/CVE-2024-12xx/CVE-2024-1256.json) (`2024-02-06T20:16:02.943`)
* [CVE-2024-1257](CVE-2024/CVE-2024-12xx/CVE-2024-1257.json) (`2024-02-06T20:16:03.213`)
* [CVE-2024-22237](CVE-2024/CVE-2024-222xx/CVE-2024-22237.json) (`2024-02-06T20:16:03.430`)
* [CVE-2024-22238](CVE-2024/CVE-2024-222xx/CVE-2024-22238.json) (`2024-02-06T20:16:03.590`)
* [CVE-2024-22239](CVE-2024/CVE-2024-222xx/CVE-2024-22239.json) (`2024-02-06T20:16:03.750`)
* [CVE-2024-22240](CVE-2024/CVE-2024-222xx/CVE-2024-22240.json) (`2024-02-06T20:16:03.917`)
* [CVE-2024-22241](CVE-2024/CVE-2024-222xx/CVE-2024-22241.json) (`2024-02-06T20:16:04.080`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `44`
* [CVE-2023-51982](CVE-2023/CVE-2023-519xx/CVE-2023-51982.json) (`2024-02-06T18:30:13.563`)
* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-06T18:37:23.327`)
* [CVE-2023-6374](CVE-2023/CVE-2023-63xx/CVE-2023-6374.json) (`2024-02-06T18:50:48.063`)
* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2024-02-06T18:53:02.780`)
* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T17:52:56.963`)
* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T17:53:00.620`)
* [CVE-2024-22569](CVE-2024/CVE-2024-225xx/CVE-2024-22569.json) (`2024-02-06T18:07:39.733`)
* [CVE-2024-1111](CVE-2024/CVE-2024-11xx/CVE-2024-1111.json) (`2024-02-06T18:11:45.033`)
* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-02-06T18:20:46.017`)
* [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-02-06T18:21:15.953`)
* [CVE-2024-23647](CVE-2024/CVE-2024-236xx/CVE-2024-23647.json) (`2024-02-06T18:22:58.250`)
* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-02-06T18:32:20.340`)
* [CVE-2024-23342](CVE-2024/CVE-2024-233xx/CVE-2024-23342.json) (`2024-02-06T18:36:47.733`)
* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-02-06T18:38:53.870`)
* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-02-06T18:56:43.787`)
* [CVE-2023-41279](CVE-2023/CVE-2023-412xx/CVE-2023-41279.json) (`2024-02-06T20:10:17.043`)
* [CVE-2023-6909](CVE-2023/CVE-2023-69xx/CVE-2023-6909.json) (`2024-02-06T20:16:01.753`)
* [CVE-2023-6975](CVE-2023/CVE-2023-69xx/CVE-2023-6975.json) (`2024-02-06T20:16:02.677`)
* [CVE-2023-50359](CVE-2023/CVE-2023-503xx/CVE-2023-50359.json) (`2024-02-06T20:18:14.547`)
* [CVE-2023-47566](CVE-2023/CVE-2023-475xx/CVE-2023-47566.json) (`2024-02-06T20:18:26.263`)
* [CVE-2023-45037](CVE-2023/CVE-2023-450xx/CVE-2023-45037.json) (`2024-02-06T20:18:34.557`)
* [CVE-2023-45036](CVE-2023/CVE-2023-450xx/CVE-2023-45036.json) (`2024-02-06T20:18:45.043`)
* [CVE-2023-45028](CVE-2023/CVE-2023-450xx/CVE-2023-45028.json) (`2024-02-06T20:19:17.697`)
* [CVE-2023-45027](CVE-2023/CVE-2023-450xx/CVE-2023-45027.json) (`2024-02-06T20:19:44.367`)
* [CVE-2023-51520](CVE-2023/CVE-2023-515xx/CVE-2023-51520.json) (`2024-02-06T20:20:11.330`)
* [CVE-2023-0686](CVE-2023/CVE-2023-06xx/CVE-2023-0686.json) (`2024-02-06T20:22:59.393`)
* [CVE-2023-52175](CVE-2023/CVE-2023-521xx/CVE-2023-52175.json) (`2024-02-06T20:46:18.473`)
* [CVE-2023-6676](CVE-2023/CVE-2023-66xx/CVE-2023-6676.json) (`2024-02-06T20:51:50.407`)
* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T19:15:09.083`)
* [CVE-2024-23940](CVE-2024/CVE-2024-239xx/CVE-2024-23940.json) (`2024-02-06T19:19:33.920`)
* [CVE-2024-20263](CVE-2024/CVE-2024-202xx/CVE-2024-20263.json) (`2024-02-06T19:23:20.600`)
* [CVE-2024-24556](CVE-2024/CVE-2024-245xx/CVE-2024-24556.json) (`2024-02-06T19:24:46.810`)
* [CVE-2024-24558](CVE-2024/CVE-2024-245xx/CVE-2024-24558.json) (`2024-02-06T19:35:24.230`)
* [CVE-2024-24567](CVE-2024/CVE-2024-245xx/CVE-2024-24567.json) (`2024-02-06T19:41:58.417`)
* [CVE-2024-22319](CVE-2024/CVE-2024-223xx/CVE-2024-22319.json) (`2024-02-06T19:52:31.520`)
* [CVE-2024-22320](CVE-2024/CVE-2024-223xx/CVE-2024-22320.json) (`2024-02-06T19:54:23.043`)
* [CVE-2024-1069](CVE-2024/CVE-2024-10xx/CVE-2024-1069.json) (`2024-02-06T20:11:52.587`)
* [CVE-2024-23745](CVE-2024/CVE-2024-237xx/CVE-2024-23745.json) (`2024-02-06T20:42:12.490`)
* [CVE-2024-1196](CVE-2024/CVE-2024-11xx/CVE-2024-1196.json) (`2024-02-06T20:57:49.480`)
* [CVE-2024-24160](CVE-2024/CVE-2024-241xx/CVE-2024-24160.json) (`2024-02-06T20:59:08.493`)
## Download and Usage