Auto-Update: 2023-09-25T14:00:24.482349+00:00

cad-safe-bot 2023-09-25 14:00:28 +00:00
parent 821855731d
commit ae64b6cf89
41 changed files with 2023 additions and 131 deletions


@ -2,12 +2,16 @@
"id": "CVE-2015-6964",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T05:15:10.243",
"lastModified": "2023-09-25T05:15:10.243",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC)."
},
{
"lang": "es",
"value": "MultiBit HD anterior a la versi\u00f3n 0.1.2 permite a los atacantes realizar ataques de bit-flipping que insertan direcciones de Bitcoin no utilizables en la lista que utiliza MultiBit para enviar multas a los desarrolladores. (En realidad, los atacantes no pueden robar estas \"multas\" para s\u00ed mismos). Esto ocurre porque no existe un c\u00f3digo de autenticaci\u00f3n de mensajes (MAC)."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2020-22219",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.190",
"lastModified": "2023-09-19T05:15:50.187",
"lastModified": "2023-09-25T12:15:10.617",
"vulnStatus": "Modified",
"descriptions": [
{
@ -77,6 +77,10 @@
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00028.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZD2AJTU4PCJQP7HPTS2L2ELJWBASCRGD/",
"source": "cve@mitre.org"


@ -2,16 +2,40 @@
"id": "CVE-2022-1438",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T14:15:12.607",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T13:40:48.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Keycloak. En circunstancias espec\u00edficas, las entidades HTML no se sanitizan durante la suplantaci\u00f3n de usuarios, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,34 +58,85 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:1043",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1044",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1045",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1049",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1438",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2022-48605",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:10.590",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-39407",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T09:15:10.397",
"lastModified": "2023-09-25T09:15:10.397",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity."
},
{
"lang": "es",
"value": "Watchkit tiene el riesgo de acceso no autorizado a archivos. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad y la integridad."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39408",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T09:15:10.690",
"lastModified": "2023-09-25T09:15:10.690",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart."
},
{
"lang": "es",
"value": "Vulnerabilidad DoS en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-39409",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T11:15:12.447",
"lastModified": "2023-09-25T11:15:12.447",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart."
},
{
"lang": "es",
"value": "Vulnerabilidad DoS en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie."
}
],
"metrics": {},


@ -2,19 +2,83 @@
"id": "CVE-2023-40989",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T20:15:09.697",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:47:01.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en jeecgboot jeecg-boot v 3.0, 3.5.3 que permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al componente report/jeecgboot/jmreport/queryFieldBySql."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45720048-60C0-4FA8-AA09-16C8CF329FD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD318E5-54CE-4319-86AA-557941459ED4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41084",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-18T20:15:10.017",
"lastModified": "2023-09-19T03:37:34.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:54:29.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\n\n\nSession management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La gesti\u00f3n de sesiones dentro de la aplicaci\u00f3n web es incorrecta y permite a los atacantes robar cookies de sesi\u00f3n para realizar multitud de acciones que la aplicaci\u00f3n web permite en el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +70,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
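Review bot: The English description in the first hunk spells its tag `** UNSUPPPORTED WHEN ASSIGNED **` with three P's, and the added Spanish entry translates the tag instead of keeping it verbatim. Tooling that identifies end-of-life products by matching the usual `** UNSUPPORTED WHEN ASSIGNED **` prefix would presumably skip this record, so the match should tolerate the misspelling or the record should be corrected at the source. The same value ends in long runs of `\n`, which a consumer should trim before display or comparison.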


@ -0,0 +1,36 @@
{
"id": "CVE-2023-41293",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:10.727",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-227"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-41294",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.827",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services."
},
{
"lang": "es",
"value": "El m\u00f3dulo DP tiene una vulnerabilidad de secuestro de servicios. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar algunos servicios de Super Device."
}
],
"metrics": {},
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41295",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.897",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim."
},
{
"lang": "es",
"value": "Vulnerabilidad de gesti\u00f3n inadecuada de permisos en el m\u00f3dulo displayengine. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que la pantalla se aten\u00fae."
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-41296",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.957",
"lastModified": "2023-09-25T12:48:30.333",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en el m\u00f3dulo del kernel. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la integridad y la confidencialidad."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41297",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:11.033",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking."
},
{
"lang": "es",
"value": "Vulnerabilidad de defectos introducidos en el proceso de dise\u00f1o en el m\u00f3dulo HiviewTunner. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar el secuestro del servicio."
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41298",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:11.090",
"lastModified": "2023-09-25T12:53:29.640",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality."
},
{
"lang": "es",
"value": "Vulnerabilidad del control de permisos en el m\u00f3dulo de ventana. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad."
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-41299",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:11.147",
"lastModified": "2023-09-25T12:54:53.280",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart."
},
{
"lang": "es",
"value": "Vulnerabilidad DoS en el m\u00f3dulo PMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que el sistema se reinicie."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-41300",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.037",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-41301",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.250",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally."
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-41302",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.323",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-41303",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:11.557",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified."
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt@huawei.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
},
{
"url": "https://https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
}
]
}
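Review bot: The second reference in this new record has a doubled scheme, `"url": "https://https://consumer.huawei.com/en/support/bulletin/2023/9/"`, so a URL parser reads the host as `https` and the link does not reach the Huawei bulletin. The other Huawei records added in this commit carry the same bulletin as `https://consumer.huawei.com/en/support/bulletin/2023/9/`. The value is presumably mirrored as published, so the correction belongs upstream. Until then, consumers that validate, dereference or deduplicate reference URLs should flag or normalise this entry rather than follow it.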


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41419",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T12:15:11.210",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component."
},
{
"lang": "es",
"value": "Un problema en Gevent Gevent anterior a la versi\u00f3n 23.9.1 permite a un atacante remoto escalar privilegios mediante un script manipulado al componente WSGIServer."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/gevent/gevent/issues/1989",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41872",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T02:15:09.827",
"lastModified": "2023-09-25T02:15:09.827",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:04:42.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <=\u00a07.2.4 versions."
},
{
"lang": "es",
"value": "No autenticado. Vulnerabilidad de Cross-Site Scripting (XSS) reflejada en el complemento Xtemos WoodMart &lt;= versiones 7.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.2.4",
"matchCriteriaId": "986779EE-90CE-4D9A-BC55-DBBBC5A38800"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
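Review bot: The added Spanish description in the first hunk stores an HTML entity, `&lt;= versiones 7.2.4`, where the English description of the same record has the literal `<=`. Pre-escaped HTML inside a JSON string makes the correct output handling ambiguous. A consumer that prints the value as text shows `&lt;`, and one that entity-decodes descriptions before placing them in a page is treating feed text as markup. The value should carry the plain character, `... Xtemos WoodMart <= versiones 7.2.4.`, and renderers should escape descriptions once at output.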


@ -2,23 +2,98 @@
"id": "CVE-2023-43128",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T23:15:12.133",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:47:09.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters."
},
{
"lang": "es",
"value": "El router inal\u00e1mbrico D-LINK DIR-806 1200M11AC DIR806A1_FW100CNb11 es vulnerable a la inyecci\u00f3n de comandos debido al filtrado laxo de los par\u00e1metros HTTP_ST."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-806_firmware:100cnb11:*:*:*:*:*:*:*",
"matchCriteriaId": "292887DC-FC69-4159-9123-AFF5F8CC5797"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-806:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "99E3F7D8-77B9-4057-B254-881F95BA6D6D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mmmmmx1/dlink/blob/main/DIR-806/1/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43270",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T19:15:11.130",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:43:34.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que dst-admin v1.5.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s del par\u00e1metro userId en /home/playerOperate."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dst-admin_project:dst-admin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC570F6A-11DC-4A82-AB09-06E58AB46B63"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Libestor/someCVE/tree/main/dst-admin-RCE",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-43468",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.303",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:52:41.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en janobe Online Job Portal v.2020 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente login.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_job_portal_project:online_job_portal:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "C922B453-7BEB-4215-A7E3-1977BE0157FA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ae6e361b/30d56c116d9f727b91c418d044f42fd3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ae6e361b/Online-Job-Portal",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,27 +2,92 @@
"id": "CVE-2023-43469",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.387",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:52:25.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en janobe Online Job Portal v.2020 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente ForPass.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_job_portal_project:online_job_portal:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "C922B453-7BEB-4215-A7E3-1977BE0157FA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ae6e361b/28ffc44d39e406ce1bc627c0c5c3a7de",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ae6e361b/Online-Job-Portal-Forget",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-43470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.470",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:51:55.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en janobe Online Voting System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente checklogin.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:online_voting_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C192377-E478-4D45-9C4A-90AA7443270F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ae6e361b/1ed56fbfbbfd368835b8a8089f8ee64a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ae6e361b/Online-Voting-System",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,95 @@
"id": "CVE-2023-43494",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.667",
"lastModified": "2023-09-20T18:15:12.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:43:35.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered."
},
{
"lang": "es",
"value": "Jenkins 2.50 a 2.423 (ambos inclusive), LTS 2.60.1 a 2.414.1 (ambos inclusive) no excluye variables de compilaci\u00f3n confidenciales (por ejemplo, valores de par\u00e1metros de contrase\u00f1a) de la b\u00fasqueda en el widget del historial de compilaci\u00f3n, lo que permite a los atacantes con permiso de elemento/lectura. para obtener valores de variables sensibles utilizadas en compilaciones probando iterativamente diferentes caracteres hasta que se descubre la secuencia correcta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionStartIncluding": "2.50",
"versionEndExcluding": "2.424",
"matchCriteriaId": "5429075A-09F1-4F3C-A487-A9DF0A08B28B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "2.60.1",
"versionEndExcluding": "2.414.2",
"matchCriteriaId": "9A7FCC84-AD94-48E6-AE0A-96C73A8E4614"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-09-22T17:52:46.230",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-25T12:15:11.270",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -105,6 +105,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4527",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-5042",
"sourceIdentifier": "security@acronis.com",
"published": "2023-09-20T12:15:12.077",
"lastModified": "2023-09-20T12:54:08.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:25:16.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -39,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -50,10 +82,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "40713",
"matchCriteriaId": "106FDA99-8B08-4FC5-A0B8-17EC5EADB5A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5330",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-5125",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-23T05:15:31.320",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:47:46.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Contact Form by FormGet para WordPress es vulnerable a Stored Cross-Site Scripting del c\u00f3digo abreviado 'formget' en versiones hasta la 5.5.5 inclusive debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formget:contact_form_by_formget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.5.5",
"matchCriteriaId": "D29D4889-7620-4794-94E7-78E0CA7B4F66"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/formget-contact-form/trunk/index.php?rev=2145639#L504",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fdd73289-f292-4903-951e-6a89049d39a7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5134",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-23T08:15:10.283",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:47:32.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta."
},
{
"lang": "es",
"value": "Easy Registration Forms para WordPress es vulnerable a la Divulgaci\u00f3n de Informaci\u00f3n a trav\u00e9s del c\u00f3digo corto 'erforms_user_meta' en versiones hasta la 2.1.1 inclusive debido a controles insuficientes sobre la informaci\u00f3n recuperable a trav\u00e9s del c\u00f3digo corto. Esto hace posible que atacantes autenticados, con capacidades de nivel de suscriptor o superior, recuperen metadatos de usuario sensibles y arbitrarios."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easyregistrationforms:easy_registration_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "268FF3A7-3082-4561-B7E4-4E10C49BBF23"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/easy-registration-forms/tags/2.1.1/includes/class-user.php#L835",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5147",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T01:15:19.327",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:26:14.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en D-Link DAR-7000 hasta 20151231. Se ha clasificado como cr\u00edtica. Esto afecta a una parte desconocida del archivo /sysmanage/updateos.php. La manipulaci\u00f3n del argumento 1_file_upload conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-240243. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20updateos.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240243",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240243",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5148",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T01:15:19.420",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:26:12.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240244. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en D-Link DAR-7000 y DAR-8000 hasta 20151231. Ha sido declarada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /Tool/uploadfile.php. La manipulaci\u00f3n del argumento file_upload conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-240244. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,26 +97,101 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "69DE14E8-4D9F-4E0D-B322-720E07A49D40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E74A904C-319A-4DC0-A0E2-2247272C68DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20uploadfile.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20uploadfile.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240244",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240244",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5149",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T01:15:19.503",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T13:26:11.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240245 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en D-Link DAR-7000 hasta 20151231. Se calific\u00f3 como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /useratte/userattestation.php. La manipulaci\u00f3n del argumento web_img conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-240245. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20userattestation.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240245",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240245",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5150",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T02:15:10.560",
"lastModified": "2023-09-25T02:15:10.560",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:26:09.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en D-Link DAR-7000 y DAR-8000 hasta 20151231. Una funci\u00f3n desconocida del archivo /useratte/web es afectada por esta vulnerabilidad. php. La manipulaci\u00f3n del argumento file_upload conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-240246 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,28 +95,113 @@
"value": "CWE-434"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "69DE14E8-4D9F-4E0D-B322-720E07A49D40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E74A904C-319A-4DC0-A0E2-2247272C68DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240246",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240246",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5151",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T02:15:10.657",
"lastModified": "2023-09-25T02:15:10.657",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:26:04.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240247. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad ha sido encontrada en D-Link DAR-8000 hasta 20151231 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /autheditpwd.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento hid_id conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-240247. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "69DE14E8-4D9F-4E0D-B322-720E07A49D40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E74A904C-319A-4DC0-A0E2-2247272C68DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20autheditpwd.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240247",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240247",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5152",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T02:15:10.743",
"lastModified": "2023-09-25T02:15:10.743",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:26:02.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en D-Link DAR-8000 hasta 20151231. Una funcionalidad desconocida del archivo /importexport es afectada por este problema .php. La manipulaci\u00f3n del argumento sql conduce a la inyecci\u00f3n de sql. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-240248. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "69DE14E8-4D9F-4E0D-B322-720E07A49D40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E74A904C-319A-4DC0-A0E2-2247272C68DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20importexport.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240248",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240248",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5153",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T03:15:09.390",
"lastModified": "2023-09-25T03:15:09.390",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:26:00.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en D-Link DAR-8000 hasta 20151231. Afecta a una parte desconocida del archivo /Tool/querysql.php . La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-240249. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "495BA542-4BC4-42FD-874F-3F7B1EB3E625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20querysql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240249",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240249",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
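Review bot: The `configurations` block added for CVE-2023-5153 matches `cpe:2.3:o:dlink:dar-7000_firmware` and `cpe:2.3:h:dlink:dar-7000`, but both descriptions and the first reference URL in this record name the D-Link DAR-8000, and the sibling records CVE-2023-5152 and CVE-2023-5154 use the dar-8000 criteria. If DAR-8000 is the affected product, CPE-based matching against this record will not flag DAR-8000 devices. Since the file mirrors NVD, the correction belongs upstream; the expected firmware line would be `"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*"` with the `matchCriteriaId` the sibling records use, and likewise for the hardware node. Until that is resolved, consumers should match this CVE on the description text as well as on CPE.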


@ -2,15 +2,41 @@
"id": "CVE-2023-5154",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T03:15:09.743",
"lastModified": "2023-09-25T03:15:09.743",
"vulnStatus": "Received",
"lastModified": "2023-09-25T13:25:52.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** ** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en D-Link DAR-8000 hasta 20151231 y se clasific\u00f3 como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /sysmanage/changelogo.php. La manipulaci\u00f3n del argumento file_upload conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-240250 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,64 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2015-12-31",
"matchCriteriaId": "69DE14E8-4D9F-4E0D-B322-720E07A49D40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E74A904C-319A-4DC0-A0E2-2247272C68DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20changelogo.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240250",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240250",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
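Review bot: The first reference (the github.com write-up for changelogo) is tagged only `Third Party Advisory`, whereas the equivalent write-ups in CVE-2023-5152 and CVE-2023-5153 also carry `Exploit`, and this record's description states that the exploit has been disclosed publicly. Triage that filters or ranks on the `Exploit` tag would treat this unrestricted-upload record (base score 8.8) as less urgent than its siblings. If the linked page does contain exploit details, which cannot be verified from this page, the tags should read `"Exploit", "Third Party Advisory"`; as the data is mirrored from NVD, that is an upstream correction.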


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-25T12:00:24.296833+00:00
2023-09-25T14:00:24.482349+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-25T11:15:12.447000+00:00
2023-09-25T13:54:29.890000+00:00
```
### Last Data Feed Release
@ -29,20 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226095
226108
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `13`
* [CVE-2023-39409](CVE-2023/CVE-2023-394xx/CVE-2023-39409.json) (`2023-09-25T11:15:12.447`)
* [CVE-2022-48605](CVE-2022/CVE-2022-486xx/CVE-2022-48605.json) (`2023-09-25T13:15:10.590`)
* [CVE-2023-41296](CVE-2023/CVE-2023-412xx/CVE-2023-41296.json) (`2023-09-25T12:15:10.957`)
* [CVE-2023-41298](CVE-2023/CVE-2023-412xx/CVE-2023-41298.json) (`2023-09-25T12:15:11.090`)
* [CVE-2023-41299](CVE-2023/CVE-2023-412xx/CVE-2023-41299.json) (`2023-09-25T12:15:11.147`)
* [CVE-2023-41294](CVE-2023/CVE-2023-412xx/CVE-2023-41294.json) (`2023-09-25T12:15:10.827`)
* [CVE-2023-41295](CVE-2023/CVE-2023-412xx/CVE-2023-41295.json) (`2023-09-25T12:15:10.897`)
* [CVE-2023-41297](CVE-2023/CVE-2023-412xx/CVE-2023-41297.json) (`2023-09-25T12:15:11.033`)
* [CVE-2023-41419](CVE-2023/CVE-2023-414xx/CVE-2023-41419.json) (`2023-09-25T12:15:11.210`)
* [CVE-2023-41293](CVE-2023/CVE-2023-412xx/CVE-2023-41293.json) (`2023-09-25T13:15:10.727`)
* [CVE-2023-41300](CVE-2023/CVE-2023-413xx/CVE-2023-41300.json) (`2023-09-25T13:15:11.037`)
* [CVE-2023-41301](CVE-2023/CVE-2023-413xx/CVE-2023-41301.json) (`2023-09-25T13:15:11.250`)
* [CVE-2023-41302](CVE-2023/CVE-2023-413xx/CVE-2023-41302.json) (`2023-09-25T13:15:11.323`)
* [CVE-2023-41303](CVE-2023/CVE-2023-413xx/CVE-2023-41303.json) (`2023-09-25T13:15:11.557`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `27`
* [CVE-2022-1438](CVE-2022/CVE-2022-14xx/CVE-2022-1438.json) (`2023-09-25T13:40:48.813`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-25T12:15:11.270`)
* [CVE-2023-39407](CVE-2023/CVE-2023-394xx/CVE-2023-39407.json) (`2023-09-25T13:03:52.033`)
* [CVE-2023-39408](CVE-2023/CVE-2023-394xx/CVE-2023-39408.json) (`2023-09-25T13:03:52.033`)
* [CVE-2023-39409](CVE-2023/CVE-2023-394xx/CVE-2023-39409.json) (`2023-09-25T13:03:52.033`)
* [CVE-2023-41872](CVE-2023/CVE-2023-418xx/CVE-2023-41872.json) (`2023-09-25T13:04:42.943`)
* [CVE-2023-5042](CVE-2023/CVE-2023-50xx/CVE-2023-5042.json) (`2023-09-25T13:25:16.230`)
* [CVE-2023-5154](CVE-2023/CVE-2023-51xx/CVE-2023-5154.json) (`2023-09-25T13:25:52.120`)
* [CVE-2023-5153](CVE-2023/CVE-2023-51xx/CVE-2023-5153.json) (`2023-09-25T13:26:00.733`)
* [CVE-2023-5152](CVE-2023/CVE-2023-51xx/CVE-2023-5152.json) (`2023-09-25T13:26:02.773`)
* [CVE-2023-5151](CVE-2023/CVE-2023-51xx/CVE-2023-5151.json) (`2023-09-25T13:26:04.017`)
* [CVE-2023-5150](CVE-2023/CVE-2023-51xx/CVE-2023-5150.json) (`2023-09-25T13:26:09.983`)
* [CVE-2023-5149](CVE-2023/CVE-2023-51xx/CVE-2023-5149.json) (`2023-09-25T13:26:11.523`)
* [CVE-2023-5148](CVE-2023/CVE-2023-51xx/CVE-2023-5148.json) (`2023-09-25T13:26:12.937`)
* [CVE-2023-5147](CVE-2023/CVE-2023-51xx/CVE-2023-5147.json) (`2023-09-25T13:26:14.630`)
* [CVE-2023-43270](CVE-2023/CVE-2023-432xx/CVE-2023-43270.json) (`2023-09-25T13:43:34.870`)
* [CVE-2023-43494](CVE-2023/CVE-2023-434xx/CVE-2023-43494.json) (`2023-09-25T13:43:35.503`)
* [CVE-2023-40989](CVE-2023/CVE-2023-409xx/CVE-2023-40989.json) (`2023-09-25T13:47:01.087`)
* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-25T13:47:09.797`)
* [CVE-2023-5134](CVE-2023/CVE-2023-51xx/CVE-2023-5134.json) (`2023-09-25T13:47:32.760`)
* [CVE-2023-5125](CVE-2023/CVE-2023-51xx/CVE-2023-5125.json) (`2023-09-25T13:47:46.330`)
* [CVE-2023-43470](CVE-2023/CVE-2023-434xx/CVE-2023-43470.json) (`2023-09-25T13:51:55.063`)
* [CVE-2023-43469](CVE-2023/CVE-2023-434xx/CVE-2023-43469.json) (`2023-09-25T13:52:25.717`)
* [CVE-2023-43468](CVE-2023/CVE-2023-434xx/CVE-2023-43468.json) (`2023-09-25T13:52:41.227`)
* [CVE-2023-41084](CVE-2023/CVE-2023-410xx/CVE-2023-41084.json) (`2023-09-25T13:54:29.890`)
## Download and Usage