Auto-Update: 2023-09-22T18:00:24.462698+00:00

cad-safe-bot 2023-09-22 18:00:27 +00:00
parent 9e05b29eab
commit b4269d9beb
51 changed files with 2949 additions and 190 deletions


@ -2,8 +2,8 @@
"id": "CVE-2016-1238",
"sourceIdentifier": "security@debian.org",
"published": "2016-08-02T14:59:00.130",
"lastModified": "2018-12-16T11:29:00.340",
"vulnStatus": "Modified",
"lastModified": "2023-09-22T16:58:00.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -86,6 +86,16 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"
}
]
}
@ -929,13 +939,13 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:perl:perl:5.16.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1857347B-E3A5-41BA-B6CB-1D9C2AA27BAA"
"criteria": "cpe:2.3:a:perl:perl:5.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45C4E830-5173-41C4-8E06-D17F0BDA8774"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:perl:perl:5.16.3.:*:*:*:*:*:*:*",
"matchCriteriaId": "F509CC77-A1EB-4072-864C-9000CF8E40BF"
"criteria": "cpe:2.3:a:perl:perl:5.16.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1857347B-E3A5-41BA-B6CB-1D9C2AA27BAA"
},
{
"vulnerable": true,
@ -1340,12 +1350,46 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.2",
"matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab",
@ -1386,27 +1430,46 @@
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://rt.perl.org/Public/Bug/Display.html?id=127834",
@ -1417,11 +1480,17 @@
},
{
"url": "https://security.gentoo.org/glsa/201701-75",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/201812-07",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2022-3874",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-22T14:15:44.943",
"lastModified": "2023-09-22T14:15:44.943",
"vulnStatus": "Received",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 falla en inyecci\u00f3n de comando en capataz. Esta falla permite a un usuario autenticado con privilegios de administrador en la instancia de foreman transpilar comandos a trav\u00e9s de configuraciones de CoreOS y Fedora CoreOS en plantillas, lo que posiblemente resulte en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2022-4039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-22T15:15:09.847",
"lastModified": "2023-09-22T15:15:09.847",
"vulnStatus": "Received",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Red Hat Single Sign-On para im\u00e1genes de contenedores OpenShift, que est\u00e1n configuradas con una interfaz de administraci\u00f3n no segura habilitada. Esta falla permite a un atacante usar esta interfaz para implementar c\u00f3digo malicioso y acceder y modificar informaci\u00f3n potencialmente sensible en la configuraci\u00f3n del servidor de aplicaciones."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2022-45447",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T10:15:11.203",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:29:56.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:m4_pdf:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "3.2.3",
"matchCriteriaId": "6AE55D08-63EE-42F3-8149-D8D50E478B65"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47560",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T08:15:10.787",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:35:40.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47561",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T08:15:15.380",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:34:55.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47562",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T08:15:15.937",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:32:48.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -50,10 +80,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
"matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-0829",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T13:15:11.547",
"lastModified": "2023-09-20T14:13:22.137",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-22T16:56:52.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription."
},
{
"lang": "es",
"value": "Plesk 17.0 a 18.0.31 es vulnerable a Cross-Site Scripting. El propietario de una suscripci\u00f3n maliciosa (ya sea un cliente o un usuario adicional) puede comprometer completamente el servidor si un administrador visita una determinada p\u00e1gina en Plesk relacionada con la suscripci\u00f3n maliciosa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plesk:plesk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndIncluding": "18.0.31",
"matchCriteriaId": "09C2A067-029B-4EF5-9C7F-EC19075D7FD9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-23766",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-09-22T15:15:10.557",
"lastModified": "2023-09-22T15:15:10.557",
"vulnStatus": "Received",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de comparaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda el contrabando de confirmaciones al mostrar una diferencia incorrecta en una Solicitud de Extracci\u00f3n reabierta. Para hacerlo, un atacante necesitar\u00eda acceso de escritura al repositorio. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.6.17, 3.7.15, 3.8.8, 3.9.3 y 3.10.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-25527",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:52.920",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:14:44.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25528",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:53.253",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:15:55.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25529",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:53.497",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:17:26.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25530",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:53.857",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:18:51.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25531",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:54.297",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:19:55.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25532",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:54.523",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:21:00.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25533",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:54.900",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:47:22.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25534",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:55.260",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:25:04.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31008",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:55.453",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:20:10.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31009",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:55.823",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:19:28.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31010",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T02:15:18.130",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:12:29.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31011",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T02:15:19.207",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:11:55.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31012",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T02:15:19.680",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:11:25.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31013",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T02:15:20.310",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:10:38.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31014",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T02:15:20.783",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:08:59.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:geforce_now:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.00.32705137",
"versionEndIncluding": "6.04.33108832",
"matchCriteriaId": "B8003B3F-0468-4834-874E-46E43ACB7B8F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5476",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31015",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T02:15:21.413",
"lastModified": "2023-09-20T10:49:13.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:04:11.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*",
"versionEndExcluding": "23.08.18",
"matchCriteriaId": "E5A50133-6664-4379-A1E4-A1626B9CBDB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B945E1-9A87-41B7-9535-939BE61DA499"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-34319",
"sourceIdentifier": "security@xen.org",
"published": "2023-09-22T14:15:45.627",
"lastModified": "2023-09-22T14:15:45.627",
"vulnStatus": "Received",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The fix for XSA-423 added logic to Linux'es netback driver to deal with\na frontend splitting a packet in a way such that not all of the headers\nwould come in one piece. Unfortunately the logic introduced there\ndidn't account for the extreme case of the entire packet being split\ninto as many pieces as permitted by the protocol, yet still being\nsmaller than the area that's specially dealt with to keep all (possible)\nheaders together. Such an unusual packet would therefore trigger a\nbuffer overrun in the driver.\n"
},
{
"lang": "es",
"value": "La soluci\u00f3n para XSA-423 agreg\u00f3 l\u00f3gica al controlador netback de Linux para lidiar con una interfaz que divide un paquete de tal manera que no todos los encabezados vengan en una sola pieza. Desafortunadamente, la l\u00f3gica introducida all\u00ed no tuvo en cuenta el caso extremo de que todo el paquete se divida en tantas partes como lo permita el protocolo, pero a\u00fan as\u00ed sea m\u00e1s peque\u00f1o que el \u00e1rea que se trata especialmente para mantener todos los (posibles) encabezados juntos. Por lo tanto, un paquete tan inusual provocar\u00eda un Desbordamiento del B\u00fafer en el controlador."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-38351",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:10.710",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:36:21.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "MiniTool Partition Wizard 12.8 contiene un mecanismo de instalaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:partition_wizard:12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1F563B-F785-4C6C-A04E-3B3C2E45C510"
}
]
}
]
}
],
"references": [
{
"url": "https://0dr3f.github.io/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38352",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:11.097",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:36:54.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "MiniTool Partition Wizard 12.8 contiene un mecanismo de actualizaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:partition_wizard:12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1F563B-F785-4C6C-A04E-3B3C2E45C510"
}
]
}
]
}
],
"references": [
{
"url": "https://0dr3f.github.io/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:11.427",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:39:17.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "MiniTool Power Data Recovery 11.5 contiene un sistema de pago inseguro en la aplicaci\u00f3n que permite a los atacantes robar informaci\u00f3n altamente sensible a trav\u00e9s de un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:power_data_recovery:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "339356A1-870F-4086-B247-ABA2643E259A"
}
]
}
]
}
],
"references": [
{
"url": "https://0dr3f.github.io/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:11.737",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:44:46.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "MiniTool Movie Maker 4.1 contiene un proceso de instalaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:movie_maker:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98ECE2C2-CF0D-4D38-BFB3-EF4EF2EF595D"
}
]
}
]
}
],
"references": [
{
"url": "https://0dr3f.github.io/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:12.007",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:45:26.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "MiniTool Movie Maker 6.1.0 contiene un proceso de instalaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:movie_maker:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4079B2C-E112-4A23-BD15-01DBFC31FB13"
}
]
}
]
}
],
"references": [
{
"url": "https://0dr3f.github.io/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38356",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:12.363",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:45:59.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "MiniTool Power Data Recovery 11.6 contiene un proceso de instalaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de intermediario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:power_data_recovery:11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "35CA8455-3F95-4A4D-B2B8-01652CFFD8EA"
}
]
}
]
}
],
"references": [
{
"url": "https://0dr3f.github.io/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2023-41027",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:09.880",
"lastModified": "2023-09-22T17:15:09.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7
},
"baseSeverity": "HIGH",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-210"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-credential-disclosure-vulnerability/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -0,0 +1,80 @@
{
"id": "CVE-2023-41029",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:10.957",
"lastModified": "2023-09-22T17:15:10.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in the\u00a0homemng.htm endpoint\u00a0in\u00a0Juplink RX4-1500 Wifi router firmware versions\u00a0V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7
},
"baseSeverity": "HIGH",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41030",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-18T19:15:43.060",
"lastModified": "2023-09-21T13:22:58.060",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-22T17:15:11.243",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -56,6 +56,31 @@
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [


@ -0,0 +1,80 @@
{
"id": "CVE-2023-41031",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:14.027",
"lastModified": "2023-09-22T17:15:14.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7
},
"baseSeverity": "HIGH",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41374",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-09-20T09:15:16.827",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:32:30.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,79 @@
"value": "Existe un doble problema gratuito en Kostac PLC Programming Software Versi\u00f3n 1.6.11.0 y anteriores. Se puede ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de proyecto especialmente manipulado que se guard\u00f3 utilizando Kostac PLC Programming Software Versi\u00f3n 1.6.9.0 y anteriores porque el problema existe en el an\u00e1lisis de los archivos de proyecto KPP. El proveedor afirma que Kostac PLC Programming Software Versi\u00f3n 1.6.10.0 o posterior implementa la funci\u00f3n que evita la alteraci\u00f3n del archivo del proyecto. Por lo tanto, para mitigar el impacto de estas vulnerabilidades, un archivo de proyecto que se guard\u00f3 utilizando Kostac PLC Programming Software Versi\u00f3n 1.6.9.0 y anteriores debe guardarse nuevamente utilizando Kostac PLC Programming Software Versi\u00f3n 1.6.10.0 o posterior. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jtekt:kostac_plc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.10.0",
"matchCriteriaId": "89869FAB-6521-44DF-ADF7-9A8745271150"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jtekt:kostac_plc:1.6.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF59D87-A3E9-446B-A450-C89BE5CBFED9"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41375",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-09-20T09:15:17.357",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:31:50.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,79 @@
"value": "Exista una vulnerabilidad de Use After Free en Kostac PLC Programming Software Versi\u00f3n 1.6.11.0. Se puede ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de proyecto especialmente manipulado que se guard\u00f3 utilizando Kostac PLC Programming Software Versi\u00f3n 1.6.9.0 y anteriores porque el problema existe en el an\u00e1lisis de los archivos de proyecto KPP. El proveedor afirma que Kostac PLC Programming Software Versi\u00f3n 1.6.10.0 o posterior implementa la funci\u00f3n que evita la alteraci\u00f3n del archivo del proyecto. Por lo tanto, para mitigar el impacto de estas vulnerabilidades, un archivo de proyecto que se guard\u00f3 utilizando Kostac PLC Programming Software Versi\u00f3n 1.6.9.0 y anteriores debe guardarse nuevamente utilizando Kostac PLC Programming Software Versi\u00f3n 1.6.10.0 o posterior."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jtekt:kostac_plc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.10.0",
"matchCriteriaId": "89869FAB-6521-44DF-ADF7-9A8745271150"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jtekt:kostac_plc:1.6.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF59D87-A3E9-446B-A450-C89BE5CBFED9"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42450",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T16:15:12.897",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:08:09.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D76FF8DD-B11D-4119-9B4E-32CE8365A25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "19DC8A22-E8EF-4FAB-B60E-64FE54AE0968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1406EB6A-186B-4A9C-95F6-5EC509867C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "089015EE-D7E4-4370-B1ED-52283B06FF0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42451",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T16:15:13.303",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:10:42.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.14",
"matchCriteriaId": "73BDE2AA-8259-4C76-B344-BFD5512C4958"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.10",
"matchCriteriaId": "98C89C5A-7235-4260-8656-CA90DB36CC96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.8",
"matchCriteriaId": "E58F736C-6245-4EF4-AE4D-FB6AA20F0D7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D76FF8DD-B11D-4119-9B4E-32CE8365A25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "19DC8A22-E8EF-4FAB-B60E-64FE54AE0968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1406EB6A-186B-4A9C-95F6-5EC509867C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "089015EE-D7E4-4370-B1ED-52283B06FF0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42452",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T16:15:13.630",
"lastModified": "2023-09-19T17:57:31.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:12:47.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.10",
"matchCriteriaId": "98C89C5A-7235-4260-8656-CA90DB36CC96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.8",
"matchCriteriaId": "E58F736C-6245-4EF4-AE4D-FB6AA20F0D7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D76FF8DD-B11D-4119-9B4E-32CE8365A25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "19DC8A22-E8EF-4FAB-B60E-64FE54AE0968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "1406EB6A-186B-4A9C-95F6-5EC509867C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joinmastodon:mastodon:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "089015EE-D7E4-4370-B1ED-52283B06FF0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mastodon/mastodon/commit/ff32475f5f4a84ebf9619e7eef5bf8b4c075d0e2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-2693-xr3m-jhqr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

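--- /dev/null
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42798.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-42798",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-22T16:15:09.753",
+"lastModified": "2023-09-22T16:38:32.560",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository."
+},
+{
+"lang": "es",
+"value": "AutomataCI es un repositorio de plantillas git equipado con herramientas de CI semiaut\u00f3nomas integradas nativas. Un problema en las versiones 1.4.1 y anteriores puede permitir que un trabajo de lanzamiento restablezca el repositorio ra\u00edz de git a la primera confirmaci\u00f3n. La versi\u00f3n 1.5.0 tiene un parche para este problema. Como workaround, aseg\u00farese de que el directorio `PROJECT_PATH_RELEASE` (por ejemplo, `releases/`) est\u00e9 manual y realmente `git clonado` correctamente, convirti\u00e9ndolo en un repositorio de git diferente del repositorio ra\u00edz de git."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.8
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89",
+"source": "security-advisories@github.com"
+}
+]
+}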

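--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42811.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-42811",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-22T16:15:10.583",
+"lastModified": "2023-09-22T17:15:14.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue."
+},
+{
+"lang": "es",
+"value": "aes-gcm es una implementaci\u00f3n Rust pura de AES-GCM. A partir de la versi\u00f3n 0.10.0 y antes de la versi\u00f3n 0.10.3, en la implementaci\u00f3n AES GCM de decrypt_in_place_detached, el texto cifrado descifrado (es decir, el texto plano correcto) se expone incluso si falla la verificaci\u00f3n de la etiqueta. Si un programa que utiliza las API `decrypt_in_place*` de la caja `aes-gcm` accede al b\u00fafer despu\u00e9s de un error de descifrado, contendr\u00e1 un descifrado de una entrada no autenticada. Dependiendo de la naturaleza espec\u00edfica del programa, esto puede permitir Chosen Ciphertext Attacks (CCA), que pueden provocar una rotura catastr\u00f3fica del cifrado, incluida la recuperaci\u00f3n completa del texto plano. La versi\u00f3n 0.10.3 contiene una soluci\u00f3n para este problema."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 4.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.5,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-347"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq",
+"source": "security-advisories@github.com"
+}
+]
+}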

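--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42812.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-42812",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-22T17:15:14.733",
+"lastModified": "2023-09-22T17:15:14.733",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh",
+"source": "security-advisories@github.com"
+}
+]
+}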

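--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42821.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-42821",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-22T17:15:14.990",
+"lastModified": "2023-09-22T17:15:14.990",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-125"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2",
+"source": "security-advisories@github.com"
+}
+]
+}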


@ -2,12 +2,16 @@
"id": "CVE-2023-43144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T15:15:12.827",
"lastModified": "2023-09-22T15:15:12.827",
"vulnStatus": "Received",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the \"id\" parameter in delete.php."
},
{
"lang": "es",
"value": "Projectworldsl Assets-management-system-in-php 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \"id\" en delete.php."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-09-21T17:55:12.113",
"lastModified": "2023-09-22T17:52:46.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 4.2
},
{


@ -2,12 +2,16 @@
"id": "CVE-2023-5002",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-09-22T14:15:47.213",
"lastModified": "2023-09-22T14:15:47.213",
"vulnStatus": "Received",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en pgAdmin. Este problema ocurre cuando la API HTTP del servidor pgAdmin valida la ruta que un usuario selecciona a las utilidades externas de PostgreSQL, como pg_dump y pg_restore. Las versiones de pgAdmin anteriores a la 7.6 no pudieron controlar adecuadamente el c\u00f3digo del servidor ejecutado en esta API, lo que permiti\u00f3 a un usuario autenticado ejecutar comandos arbitrarios en el servidor."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2023-5074",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-09-20T16:15:12.750",
"lastModified": "2023-09-20T17:15:19.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T17:57:34.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28"
},
{
"lang": "es",
"value": "El uso de una clave est\u00e1tica para proteger un token JWT utilizado en la autenticaci\u00f3n de usuario puede permitir una omisi\u00f3n de autenticaci\u00f3n en D-Link D-View 8 v2.0.1.28"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dlink:d-view_8:2.0.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA161F6-3740-4843-B4FA-E3CDC448E64C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-32",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5084",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-20T10:15:15.723",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-22T16:28:20.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -50,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hestiacp:hestiacp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.8",
"matchCriteriaId": "0950AD20-DB61-41B7-A77A-576D902D3916"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hestiacp/hestiacp/commit/5131f5a966759df77477fdf7f29daa2bda93b1ff",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/f3340570-6e59-4c72-a7d1-d4b829b4fb45",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-22T16:00:25.271214+00:00
2023-09-22T18:00:24.462698+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-22T15:23:52.010000+00:00
2023-09-22T17:57:34.747000+00:00
```
### Last Data Feed Release
@ -29,50 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226050
226057
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `7`
* [CVE-2022-3874](CVE-2022/CVE-2022-38xx/CVE-2022-3874.json) (`2023-09-22T14:15:44.943`)
* [CVE-2022-4039](CVE-2022/CVE-2022-40xx/CVE-2022-4039.json) (`2023-09-22T15:15:09.847`)
* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-22T14:15:45.627`)
* [CVE-2023-5002](CVE-2023/CVE-2023-50xx/CVE-2023-5002.json) (`2023-09-22T14:15:47.213`)
* [CVE-2023-23766](CVE-2023/CVE-2023-237xx/CVE-2023-23766.json) (`2023-09-22T15:15:10.557`)
* [CVE-2023-43144](CVE-2023/CVE-2023-431xx/CVE-2023-43144.json) (`2023-09-22T15:15:12.827`)
* [CVE-2023-42798](CVE-2023/CVE-2023-427xx/CVE-2023-42798.json) (`2023-09-22T16:15:09.753`)
* [CVE-2023-41027](CVE-2023/CVE-2023-410xx/CVE-2023-41027.json) (`2023-09-22T17:15:09.880`)
* [CVE-2023-41029](CVE-2023/CVE-2023-410xx/CVE-2023-41029.json) (`2023-09-22T17:15:10.957`)
* [CVE-2023-41031](CVE-2023/CVE-2023-410xx/CVE-2023-41031.json) (`2023-09-22T17:15:14.027`)
* [CVE-2023-42811](CVE-2023/CVE-2023-428xx/CVE-2023-42811.json) (`2023-09-22T16:15:10.583`)
* [CVE-2023-42812](CVE-2023/CVE-2023-428xx/CVE-2023-42812.json) (`2023-09-22T17:15:14.733`)
* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-22T17:15:14.990`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `43`
* [CVE-2023-43201](CVE-2023/CVE-2023-432xx/CVE-2023-43201.json) (`2023-09-22T14:01:39.377`)
* [CVE-2023-43200](CVE-2023/CVE-2023-432xx/CVE-2023-43200.json) (`2023-09-22T14:01:51.467`)
* [CVE-2023-43199](CVE-2023/CVE-2023-431xx/CVE-2023-43199.json) (`2023-09-22T14:02:05.137`)
* [CVE-2023-43198](CVE-2023/CVE-2023-431xx/CVE-2023-43198.json) (`2023-09-22T14:02:21.840`)
* [CVE-2023-43197](CVE-2023/CVE-2023-431xx/CVE-2023-43197.json) (`2023-09-22T14:02:34.260`)
* [CVE-2023-43196](CVE-2023/CVE-2023-431xx/CVE-2023-43196.json) (`2023-09-22T14:03:04.087`)
* [CVE-2023-43207](CVE-2023/CVE-2023-432xx/CVE-2023-43207.json) (`2023-09-22T14:03:39.580`)
* [CVE-2023-43206](CVE-2023/CVE-2023-432xx/CVE-2023-43206.json) (`2023-09-22T14:03:46.960`)
* [CVE-2023-43204](CVE-2023/CVE-2023-432xx/CVE-2023-43204.json) (`2023-09-22T14:03:57.567`)
* [CVE-2023-26144](CVE-2023/CVE-2023-261xx/CVE-2023-26144.json) (`2023-09-22T14:05:10.610`)
* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2023-09-22T14:15:46.093`)
* [CVE-2023-42446](CVE-2023/CVE-2023-424xx/CVE-2023-42446.json) (`2023-09-22T14:21:40.147`)
* [CVE-2023-25526](CVE-2023/CVE-2023-255xx/CVE-2023-25526.json) (`2023-09-22T14:27:20.893`)
* [CVE-2023-42443](CVE-2023/CVE-2023-424xx/CVE-2023-42443.json) (`2023-09-22T14:30:04.887`)
* [CVE-2023-38255](CVE-2023/CVE-2023-382xx/CVE-2023-38255.json) (`2023-09-22T14:32:10.853`)
* [CVE-2023-41965](CVE-2023/CVE-2023-419xx/CVE-2023-41965.json) (`2023-09-22T14:32:28.460`)
* [CVE-2023-41387](CVE-2023/CVE-2023-413xx/CVE-2023-41387.json) (`2023-09-22T14:41:50.660`)
* [CVE-2023-41890](CVE-2023/CVE-2023-418xx/CVE-2023-41890.json) (`2023-09-22T15:06:53.240`)
* [CVE-2023-41179](CVE-2023/CVE-2023-411xx/CVE-2023-41179.json) (`2023-09-22T15:08:32.273`)
* [CVE-2023-41048](CVE-2023/CVE-2023-410xx/CVE-2023-41048.json) (`2023-09-22T15:15:11.000`)
* [CVE-2023-42457](CVE-2023/CVE-2023-424xx/CVE-2023-42457.json) (`2023-09-22T15:15:11.723`)
* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-22T15:15:12.590`)
* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-22T15:15:14.060`)
* [CVE-2023-4951](CVE-2023/CVE-2023-49xx/CVE-2023-4951.json) (`2023-09-22T15:15:14.253`)
* [CVE-2023-32184](CVE-2023/CVE-2023-321xx/CVE-2023-32184.json) (`2023-09-22T15:23:52.010`)
* [CVE-2023-38351](CVE-2023/CVE-2023-383xx/CVE-2023-38351.json) (`2023-09-22T16:36:21.897`)
* [CVE-2023-38352](CVE-2023/CVE-2023-383xx/CVE-2023-38352.json) (`2023-09-22T16:36:54.860`)
* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-5002](CVE-2023/CVE-2023-50xx/CVE-2023-5002.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-23766](CVE-2023/CVE-2023-237xx/CVE-2023-23766.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-43144](CVE-2023/CVE-2023-431xx/CVE-2023-43144.json) (`2023-09-22T16:38:32.560`)
* [CVE-2023-38353](CVE-2023/CVE-2023-383xx/CVE-2023-38353.json) (`2023-09-22T16:39:17.900`)
* [CVE-2023-38354](CVE-2023/CVE-2023-383xx/CVE-2023-38354.json) (`2023-09-22T16:44:46.093`)
* [CVE-2023-38355](CVE-2023/CVE-2023-383xx/CVE-2023-38355.json) (`2023-09-22T16:45:26.050`)
* [CVE-2023-38356](CVE-2023/CVE-2023-383xx/CVE-2023-38356.json) (`2023-09-22T16:45:59.370`)
* [CVE-2023-0829](CVE-2023/CVE-2023-08xx/CVE-2023-0829.json) (`2023-09-22T16:56:52.413`)
* [CVE-2023-42450](CVE-2023/CVE-2023-424xx/CVE-2023-42450.json) (`2023-09-22T17:08:09.950`)
* [CVE-2023-42451](CVE-2023/CVE-2023-424xx/CVE-2023-42451.json) (`2023-09-22T17:10:42.063`)
* [CVE-2023-42452](CVE-2023/CVE-2023-424xx/CVE-2023-42452.json) (`2023-09-22T17:12:47.737`)
* [CVE-2023-25527](CVE-2023/CVE-2023-255xx/CVE-2023-25527.json) (`2023-09-22T17:14:44.967`)
* [CVE-2023-41030](CVE-2023/CVE-2023-410xx/CVE-2023-41030.json) (`2023-09-22T17:15:11.243`)
* [CVE-2023-25528](CVE-2023/CVE-2023-255xx/CVE-2023-25528.json) (`2023-09-22T17:15:55.080`)
* [CVE-2023-25529](CVE-2023/CVE-2023-255xx/CVE-2023-25529.json) (`2023-09-22T17:17:26.360`)
* [CVE-2023-25530](CVE-2023/CVE-2023-255xx/CVE-2023-25530.json) (`2023-09-22T17:18:51.793`)
* [CVE-2023-25531](CVE-2023/CVE-2023-255xx/CVE-2023-25531.json) (`2023-09-22T17:19:55.950`)
* [CVE-2023-25532](CVE-2023/CVE-2023-255xx/CVE-2023-25532.json) (`2023-09-22T17:21:00.470`)
* [CVE-2023-25534](CVE-2023/CVE-2023-255xx/CVE-2023-25534.json) (`2023-09-22T17:25:04.093`)
* [CVE-2023-25533](CVE-2023/CVE-2023-255xx/CVE-2023-25533.json) (`2023-09-22T17:47:22.070`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-22T17:52:46.230`)
* [CVE-2023-5074](CVE-2023/CVE-2023-50xx/CVE-2023-5074.json) (`2023-09-22T17:57:34.747`)
## Download and Usage