Auto-Update: 2023-11-14T17:00:18.860274+00:00

cad-safe-bot 2023-11-14 17:00:22 +00:00
parent 20c712dcaa
commit bc03b57af7
181 changed files with 8347 additions and 520 deletions


@ -2,8 +2,8 @@
"id": "CVE-2017-16020",
"sourceIdentifier": "support@hackerone.com",
"published": "2018-06-04T19:29:01.240",
"lastModified": "2019-10-09T23:24:37.097",
"vulnStatus": "Modified",
"lastModified": "2023-11-14T15:16:29.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -96,8 +96,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:summit_project:summit:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "0.1.0",
"versionEndIncluding": "0.1.22",
"matchCriteriaId": "59170DBC-C5A5-4A93-A11D-EABF4C662880"
"versionEndIncluding": "0.1.21",
"matchCriteriaId": "1B6D8179-37B3-4F00-BFA8-289258635FE8"
}
]
}
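Review bot: The metrics key changes from `cvssMetricV30` to `cvssMetricV31` in the second hunk, so a consumer that reads only `cvssMetricV30` will find no score for CVE-2017-16020, even though the vector (`AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`) is unchanged apart from its version prefix; readers should fall back across the CVSS v3 keys. In the third hunk the upper bound appears to move from `versionEndIncluding` 0.1.22 to 0.1.21 with a new `matchCriteriaId` (the page has lost its +/- markers, so old-then-new print order is assumed). Match results cached under `59170DBC-C5A5-4A93-A11D-EABF4C662880` should be recomputed rather than reused. The record's references are outside the visible hunks, so the reason for the narrower range cannot be confirmed from here.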


@ -2,8 +2,8 @@
"id": "CVE-2018-25092",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-05T21:15:09.357",
"lastModified": "2023-11-07T02:56:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:20:42.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -39,7 +59,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,22 +105,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaerys-dawn:discordsailv2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.3",
"matchCriteriaId": "B44FDAD3-1B54-4735-98CA-AEB910A3322A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.244483",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.244483",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
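Review bot: The `source` field in the `cvssMetricV31`, `cvssMetricV2` and `weaknesses` entries changes form, from the UUID `1af790b2-7ee1-4545-860a-a788eba489b5` to `cna@vuldb.com` (old-then-new print order assumed, since the +/- markers are lost on this page). Anything that joins or de-duplicates on `source` should map the two forms to one assigner, which is presumably what the replacement means, or the CNA entry will be counted twice across snapshots. The newly added NVD Primary weakness is `NVD-CWE-Other`, which carries no weakness class, so CWE-based triage should fall back to the Secondary entry from the CNA, whose value lies outside the visible hunk. Both points apply equally to the CVE-2018-25093 section that follows.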


@ -2,8 +2,8 @@
"id": "CVE-2018-25093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-06T01:15:08.690",
"lastModified": "2023-11-07T02:56:34.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:23:21.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,27 @@
"metrics": {
"cvssMetricV31": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -39,7 +59,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,22 +105,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaerys-dawn:discordsailv2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.3",
"matchCriteriaId": "B44FDAD3-1B54-4735-98CA-AEB910A3322A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.244484",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.244484",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22164",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:13.093",
"lastModified": "2021-06-24T13:33:30.607",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}
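Review bot: The `criteria` string and the `matchCriteriaId` are both replaced in the second hunk (`phpgurukul:hospital_management_system_in_php` becomes `phpgurukul:hospital_management_system`, assuming old-then-new print order), so asset inventories or suppression lists keyed on the old CPE name or on `05FF7CFC-733D-443A-8114-7D274283B088` will stop matching this CVE until they are re-mapped. The same re-keying recurs in most of the following sections up to CVE-2022-42206, where the vendors `hospital_management_system_project`, `hostel_management_system_project`, `tourism_management_system_project`, `car_rental_portal_project` and `online_shopping_portal_project` are folded into vendor `phpgurukul`. Two of those records, CVE-2020-35745 and CVE-2022-30930, keep `vulnStatus` "Modified" rather than "Analyzed", so their configurations may not be final.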


@ -2,7 +2,7 @@
"id": "CVE-2020-22165",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:14.150",
"lastModified": "2021-06-24T13:37:48.103",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22166",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:15.680",
"lastModified": "2021-06-24T13:38:16.170",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22167",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:15.803",
"lastModified": "2021-06-24T13:39:48.873",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22168",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.107",
"lastModified": "2021-06-24T13:38:52.490",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22169",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.150",
"lastModified": "2021-06-24T13:40:03.230",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22170",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.187",
"lastModified": "2021-06-24T13:40:37.310",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22171",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.220",
"lastModified": "2021-06-24T13:41:13.233",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22172",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.253",
"lastModified": "2021-06-24T13:41:25.583",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22173",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.287",
"lastModified": "2021-06-24T13:43:45.900",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22174",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.323",
"lastModified": "2021-06-24T13:44:50.607",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22175",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.360",
"lastModified": "2021-06-24T13:45:05.023",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-22176",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-22T15:15:16.393",
"lastModified": "2022-06-28T14:11:45.273",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-25270",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-10-08T13:15:10.987",
"lastModified": "2023-02-27T17:27:17.307",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-25271",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-10-08T13:15:11.047",
"lastModified": "2020-10-16T20:32:05.747",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-28136",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-11-17T20:15:11.300",
"lastModified": "2020-12-01T16:44:29.417",
"lastModified": "2023-11-14T16:30:23.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tourism_management_system_project:tourism_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39CBB56F-53D8-46A6-8DA6-851E8E9E5076"
"criteria": "cpe:2.3:a:phpgurukul:tourism_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E790B49F-53C5-4DD8-AD13-EC40116B221E"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-35745",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-01-07T21:15:13.120",
"lastModified": "2023-11-07T03:22:03.210",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-5191",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-01-06T01:15:10.840",
"lastModified": "2020-01-10T18:43:30.727",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-5192",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-01-06T01:15:10.917",
"lastModified": "2020-01-13T21:12:30.963",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-5193",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-01-14T18:15:11.727",
"lastModified": "2020-01-21T16:03:05.557",
"lastModified": "2023-11-14T16:21:41.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2020-5510",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-01-08T18:15:13.963",
"lastModified": "2023-07-31T13:05:21.247",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A7C521-537B-4A80-BE80-E4F66254C027"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD71D7C-E606-4658-9B2C-5F9BF8279AFE"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-26809",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-17T15:15:13.673",
"lastModified": "2021-02-26T18:35:20.627",
"lastModified": "2023-11-14T16:33:11.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:car_rental_portal_project:car_rental_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98818E63-D361-4A0A-A41F-AC06F27D4A1D"
"criteria": "cpe:2.3:a:phpgurukul:car_rental_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "966C918E-9D08-4392-91DD-7B25971858E1"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2021-35387",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-28T15:15:12.697",
"lastModified": "2022-10-28T18:31:52.523",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php."
},
{
"lang": "es",
"value": "Hospital Management System v 4.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del archivo: hospital/hms/admin/view-patient.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2021-35388",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-28T15:15:13.600",
"lastModified": "2022-10-28T18:33:17.107",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php."
},
{
"lang": "es",
"value": "Hospital Management System v 4.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /hospital/hms/admin/patient-search.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-37807",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-10-27T17:15:10.663",
"lastModified": "2021-11-03T00:04:18.327",
"lastModified": "2023-11-14T16:47:19.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A"
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-39411",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-11-05T15:15:07.790",
"lastModified": "2021-11-09T15:02:13.887",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-43137",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-01T20:15:08.327",
"lastModified": "2023-02-24T15:50:50.677",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-46110",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T21:15:13.000",
"lastModified": "2022-02-24T21:15:28.577",
"lastModified": "2023-11-14T16:47:19.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A"
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-24226",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-15T16:15:09.093",
"lastModified": "2022-02-23T13:57:00.590",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-24263",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-31T22:15:07.733",
"lastModified": "2022-02-11T18:01:15.347",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-24646",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-10T23:15:08.043",
"lastModified": "2022-02-17T03:03:55.487",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-30930",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-06-14T17:15:08.287",
"lastModified": "2023-11-07T03:47:26.333",
"lastModified": "2023-11-14T16:30:23.447",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tourism_management_system_project:tourism_management_system:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3B6E82-DAB7-439F-A7FD-24550157D3E7"
"criteria": "cpe:2.3:a:phpgurukul:tourism_management_system:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBB55C7-422D-4A88-B43A-68E542E9D643"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-3172",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-11-03T20:15:08.550",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T16:26:22.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -50,14 +80,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.21.14",
"matchCriteriaId": "D740494E-6332-4421-BE43-C0CEB179CBA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.22.0",
"versionEndExcluding": "1.22.14",
"matchCriteriaId": "57CC215D-A8DA-4D7F-8FF6-A1FC8451DEDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.23.0",
"versionEndExcluding": "1.23.11",
"matchCriteriaId": "1E67C91E-260F-4C6B-BEE1-44B9C7F29C35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.24.0",
"versionEndExcluding": "1.24.5",
"matchCriteriaId": "9D2847AF-B9A8-40FF-AED5-0BBAEF012BA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A049EC76-7250-484F-99AE-BBF05EA04225"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/112513",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
}
]
}
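Review bot: The new `configurations` block keys the affected product as `cpe:2.3:a:kubernetes:apiserver`, so an inventory that records clusters under a different Kubernetes product name will not match CVE-2022-3172 automatically; the CPE mapping is worth checking before relying on scanner output. The five `cpeMatch` entries mix bound types: the first has `versionEndIncluding` 1.21.14 and no lower bound, the next three pair `versionStartIncluding` with `versionEndExcluding`, and the last is the exact version 1.25.0. A range evaluator has to honour inclusive and exclusive ends separately, or it will misjudge the boundary releases. The NVD Primary entry adds `CWE-918` and a vector with `UI:R` and `S:C`; the CNA's Secondary vector is outside the visible hunk, so the two assessments cannot be compared from here.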


@ -2,7 +2,7 @@
"id": "CVE-2022-42205",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-21T13:15:09.677",
"lastModified": "2022-10-21T20:26:16.543",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-42206",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-21T13:15:09.723",
"lastModified": "2022-10-21T20:26:24.660",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2022-45373",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.547",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:36:25.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Jason Crouse, VeronaLabs Slimstat Analytics permite la inyecci\u00f3n SQL. Este problema afecta a Slimstat Analytics: desde n/a hasta 5.0.4."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.0.5",
"matchCriteriaId": "00117CA2-ED65-44D0-A18E-0AC1D3392FA8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-5-0-4-sql-injection-sqli-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2022-46849",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.623",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:36:18.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Weblizar Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode permite la inyecci\u00f3n de SQL. Este problema afecta Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode: desde n/ a hasta 1.5.9."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weblizar:responsive_coming_soon_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "1D094AB8-49B9-4C4A-964B-A5ABD70CECA9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-plugin-1-5-8-sql-injection-sqli-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
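Review bot: The new `cpeMatch` entry for CVE-2022-46849 bounds the affected range with `"versionEndIncluding": "1.6.0"`, but the English description in the same record says the issue affects the plugin "from n/a through 1.5.9", and the Patchstack reference URL names 1.5.8. Tooling that matches on CPE will report 1.6.0 as vulnerable while anything keyed on the description will not, so inventory and patch-verification results can disagree for the same install. The record does not show which bound is correct; if 1.5.9 is the last affected release the line would read `"versionEndIncluding": "1.5.9"`. This looks like an auto-updated mirror, so the correction presumably belongs with the upstream feed rather than in this file. Until it is resolved, the conservative reading for triage is to treat 1.6.0 as affected.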


@ -2,8 +2,8 @@
"id": "CVE-2022-46860",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.690",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:35:56.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en KaizenCoders Short URL permite la inyecci\u00f3n SQL. Este problema afecta Short URL: desde n/a hasta 1.6.4."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.5",
"matchCriteriaId": "A05A21BD-07F2-4C72-AFB8-9493A92A4DDB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shorten-url/wordpress-short-url-plugin-1-6-4-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.757",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:35:47.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adaplugin:accessibility_suite_by_online_ada:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.11",
"matchCriteriaId": "5086E689-7C3C-43F6-A204-461ED5D293F3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47428",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.830",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:35:13.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WpDevArt Booking calendar, Appointment Booking System permite la inyecci\u00f3n de SQL. Este problema afecta Booking calendar, Appointment Booking System: desde n/a hasta 3.2.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdevart:booking_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.8",
"matchCriteriaId": "58B431A8-5141-418D-AB25-962A11D8051C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-6-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47430",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.893",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:29:59.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Weblizar The School Management \u2013 Education & Learning Management permite la inyecci\u00f3n SQL. Este problema afecta a The School Management \u2013 Education & Learning Management: desde n/a hasta 4.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weblizar:school_management_-_education_\\&_learning_management:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2",
"matchCriteriaId": "F5856D7E-AFF3-4180-BD74-2E43B7473F27"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/school-management-system/wordpress-the-school-management-plugin-4-1-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47432",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T08:15:21.963",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:30:04.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Kemal YAZICI - PluginPress Shortcode IMDB permite la inyecci\u00f3n SQL. Este problema afecta a Shortcode IMDB: desde n/a hasta 6.0.8."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kemalyazici:shortcode_imdb:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.0.8",
"matchCriteriaId": "12ED0824-6400-40E6-8C99-E49F243CD0FD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20031",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:08.770",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:57:46.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de certificados SSL/TLS de la integraci\u00f3n del motor de detecci\u00f3n Snort 3 con el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque que el motor de detecci\u00f3n Snort 3 se reinicie. Esta vulnerabilidad se debe a un error l\u00f3gico que ocurre cuando se accede a un certificado SSL/TLS que est\u00e1 bajo carga cuando se inicia una conexi\u00f3n SSL. Bajo limitaciones espec\u00edficas basadas en el tiempo, un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una alta tasa de solicitudes de conexi\u00f3n SSL/TLS para ser inspeccionadas por el motor de detecci\u00f3n Snort 3 en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el motor de detecci\u00f3n de Snort 3 se recargue, lo que resultar\u00eda en una condici\u00f3n de omisi\u00f3n o Denegaci\u00f3n de Servicio (DoS), dependiendo de la configuraci\u00f3n del dispositivo. El motor de detecci\u00f3n de Snort se reiniciar\u00e1 autom\u00e1ticamente. No se requiere intervenci\u00f3n manual."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,113 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20042",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:08.843",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:56:45.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n AnyConnect SSL VPN del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un error de implementaci\u00f3n dentro del proceso de manejo de sesiones SSL/TLS que puede impedir la liberaci\u00f3n de un controlador de sesi\u00f3n en condiciones espec\u00edficas. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico SSL/TLS manipulado a un dispositivo afectado, lo que aumenta la probabilidad de fugas del controlador de sesi\u00f3n. Un exploit exitoso podr\u00eda permitir al atacante agotar eventualmente el grupo de controladores de sesiones disponible, impidiendo que se establezcan nuevas sesiones y provocando una condici\u00f3n DoS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,302 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "853A002C-839A-4372-8485-750A86E9F6E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C62BB5D6-CE75-4C83-82DC-4148EF8CB1F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D32F1365-EAF8-4570-B2FF-45E47E8586F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD07F9B-6BB3-4423-8DBE-4E89A6478E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "34FE4F28-B704-4325-AE8A-C790163FEE71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "959107AC-E9EC-467C-901B-A3164E3762E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F944F8F-0255-42BE-BD44-D21EC9F0FFC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39C535-5A41-47CE-A9CF-B360998D4BF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CEAEFC-7B82-41F9-A09D-C86A3A60A4FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "40FAC31D-19C0-4BA0-A019-C7E7A0BA0B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-kxG8mpUA",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20070",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.027",
"lastModified": "2023-11-01T18:17:43.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T16:19:14.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de TLS 1.3 del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque que el motor de detecci\u00f3n Snort 3 se reinicie inesperadamente. Esta vulnerabilidad se debe a un error l\u00f3gico en c\u00f3mo se manejan las asignaciones de memoria durante una sesi\u00f3n TLS 1.3. Bajo limitaciones de tiempo espec\u00edficas, un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una secuencia de mensajes TLS 1.3 manipulada a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el motor de detecci\u00f3n de Snort 3 se recargue, lo que resultar\u00eda en una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). Mientras el motor de detecci\u00f3n de Snort se recarga, los paquetes que pasan por el dispositivo FTD y se env\u00edan al motor de detecci\u00f3n de Snort se descartar\u00e1n. El motor de detecci\u00f3n de Snort se reiniciar\u00e1 autom\u00e1ticamente. No se requiere intervenci\u00f3n manual."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,47 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-uAnUntcV",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20244",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T17:15:11.577",
"lastModified": "2023-11-01T17:16:31.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T16:56:16.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el procesamiento interno de paquetes del software Cisco Firepower Threat Defense (FTD) para los firewalls Cisco Firepower serie 2100 podr\u00eda permitir que un atacante remoto no autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe al manejo inadecuado de ciertos paquetes cuando se env\u00edan al motor de inspecci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una serie de paquetes manipulados a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante agotar los bloques de 9472 bytes del dispositivo, lo que provocar\u00eda una p\u00e9rdida de tr\u00e1fico en el dispositivo o una recarga inesperada del mismo. Si el dispositivo no se recarga por s\u00ed solo, ser\u00e1 necesaria una recarga manual del dispositivo para recuperarse de este estado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,414 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAD2427-82A3-4E64-ADB5-FA4F40B568F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08D5A647-AC21-40AC-8B3C-EE5D3EDA038A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAE999A-5244-46CF-8C12-D68E789BDEE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6468D3D-C5A7-4FAE-B4B9-AD862CD11055"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E4808D-592E-46A6-A83A-A46227D817B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB45136-ACCD-4230-8975-0EBB30D5B375"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C39AC1-1B96-4253-9FC8-4CC26D6261F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9102C8-F211-4E50-967F-FD51C7FC904F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4933642-89E5-4909-AD3C-862CD3B77790"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A6C776-79B3-47ED-B013-100B8F08E1C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E504F28A-44CE-4B3E-9330-6A98728E3AEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA0DD43-D206-4C1C-8B17-DA47F96B3BAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1983172D-4F52-479F-BF14-A84B92D36864"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4122D982-A57A-4249-A8DC-CE9FC6C98803"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "96464380-F665-4266-B0AD-693E078C9F82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3F39CB-C4C2-4B13-94F0-9E44322314BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6BD0EE-649E-4ED6-A09C-8364335DEF52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE11554-FE3C-4C8B-8986-5D88E4967342"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C11983-22A8-4859-A240-571A7815FF54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24CD0B0A-2B91-45DD-9522-8D1D3850CC9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7026F0E-72A7-4CDF-BADC-E34FE6FADC51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "63B85369-FBAE-456C-BC99-5418B043688A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "86434346-D5F0-49BA-803E-244C3266E361"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2FA7B3C-002D-4755-B323-CA24B770A5B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CB7EBC-F3D5-4855-A8D8-BA5AB21FD719"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4D975CBA-7F01-4A4C-991B-9571410C4F07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFA476-5021-4A00-859E-1643009D6156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E3A5DC-A237-46E4-A4E5-F135482F984A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D46E2E00-BA86-4002-B67B-2C1A6C1AAAE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91AD8BA2-EB8D-4D8B-B707-AF5C2A831998"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}



@ -2,16 +2,40 @@
"id": "CVE-2023-20256",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T17:15:11.717",
"lastModified": "2023-11-01T17:16:31.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T16:20:34.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la funci\u00f3n de anulaci\u00f3n por usuario del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00edan permitir que un atacante remoto no autenticado omita una Lista de Control de Acceso (ACL) configurada y permita el tr\u00e1fico que deber\u00eda se le negar\u00e1 el flujo a trav\u00e9s de un dispositivo afectado. Estas vulnerabilidades se deben a un error l\u00f3gico que podr\u00eda ocurrir cuando el software afectado construye y aplica reglas de anulaci\u00f3n por usuario. Un atacante podr\u00eda aprovechar estas vulnerabilidades conect\u00e1ndose a una red a trav\u00e9s de un dispositivo afectado que tenga una configuraci\u00f3n vulnerable. Un exploit exitoso podr\u00eda permitir al atacante omitir la ACL de la interfaz y acceder a recursos que deber\u00edan estar protegidos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,807 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "23CD5619-E534-4F40-998D-39DC19FA0451"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D0EB11-14B1-44B3-8D46-B9DD872F772C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA399CF-12DB-42E0-A66F-14508B52A453"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5A7608-E737-420E-9B5E-836600DAC701"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EB6801-336D-4F41-ADE7-1C58C63C3F6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8413DA41-02A5-4269-8C88-9DD5076AF91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "AA00285F-6914-4749-8A47-FC4EDAFFF3C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA4D367-32B9-4F54-8352-A959F61A1FDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "2259FF9E-0C8B-440F-B1AC-51BDE3F60E68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C522B55-904D-4C08-B73E-1457D877C0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "4483056A-FBF3-4E00-81EB-1E97334EF240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.43:*:*:*:*:*:*:*",
"matchCriteriaId": "48677330-06AB-4C7F-B2AD-F7E465A9632A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.44:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA80D2-5DB8-4334-9A88-7DDE395832C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1C38A5-1028-4AD3-8CC7-A00091091E76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.46:*:*:*:*:*:*:*",
"matchCriteriaId": "848147B2-C49A-43F6-9069-FC8885BDFDA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.48:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FEF0DA-741E-4361-8143-068EB47D6520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E23ACB0-DF8B-4672-A819-4DCD3104CE4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4723B88-62BA-40E6-AA89-BAC02D6A036F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C698819-3C8E-4A16-8F52-42FF1E54C076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3CE74E-59E7-448A-8417-18F97C05C798"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0986C171-0E75-4F6F-A9BD-276830104E5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "66A2777A-7831-4324-AEB2-5D93B5F6C04B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "37045680-9189-4B7F-A4F7-4E682FE20A09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C9F37B-CF3C-4861-A969-C7CF4946274A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1DAF21-3FED-4691-9D4C-8FD8CEA7FB3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "FB938E58-4963-4A31-8836-88E958592B30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1E317897-EE97-44F3-96BB-E54228D72A7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF7FAB2-158D-4C48-9246-E7AD3BF1D801"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "056D43AE-ECDB-40D2-A196-18DDCD02629E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E555F3-3580-4D71-8D8D-92FE72763D62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "93013503-8B9A-4160-AF7E-277958FA6E9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.40:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B009FD-0F2B-4511-8EDF-C3E670623F89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.41:*:*:*:*:*:*:*",
"matchCriteriaId": "52579D8D-E855-42B3-B406-32DD1C39F721"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.47:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E44FC6-12A2-4F76-A095-28F3804B619F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.48:*:*:*:*:*:*:*",
"matchCriteriaId": "42917E5E-E362-4B40-B2B2-3C77BA35641C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.50:*:*:*:*:*:*:*",
"matchCriteriaId": "CF317FA3-EBF3-49BB-A9E6-0D4295FA3F60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.52:*:*:*:*:*:*:*",
"matchCriteriaId": "F98B1683-914F-43D3-AE1C-311D3A90BE8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D24656-CAB1-4A98-A440-482927FEDD16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E504557C-DA5D-4D0F-A813-4CE7D5109F15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.56:*:*:*:*:*:*:*",
"matchCriteriaId": "04D2A067-C717-4921-BBF5-3EFBE02736EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE0D50C0-DADB-4747-8649-8A5257111FE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE2699F-353F-44CB-A778-981783DDC31F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8E50BD-1FBD-483B-9C27-70E95C732E55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F46E5E4F-787C-4C05-B1E7-C39BB9125D16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A29312-38E7-456B-94DD-4D7329691114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "27F7BB31-C733-4C32-BF0F-33B5AF020156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DC313568-33A6-435B-98FF-8A7091D9C451"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7F85710A-28CE-4913-8523-356461908FBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D6069950-016B-419A-B754-D58956CB6D14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2F3FEC-624F-47C5-B056-836861BB038A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "853A002C-839A-4372-8485-750A86E9F6E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C62BB5D6-CE75-4C83-82DC-4148EF8CB1F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D32F1365-EAF8-4570-B2FF-45E47E8586F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD07F9B-6BB3-4423-8DBE-4E89A6478E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "34FE4F28-B704-4325-AE8A-C790163FEE71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E832BC0C-8439-4779-9064-C2D93F231031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "959107AC-E9EC-467C-901B-A3164E3762E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F944F8F-0255-42BE-BD44-D21EC9F0FFC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39C535-5A41-47CE-A9CF-B360998D4BF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CEAEFC-7B82-41F9-A09D-C86A3A60A4FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "40FAC31D-19C0-4BA0-A019-C7E7A0BA0B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAAFE0F-416F-4BCA-BA37-30EAEADA8AFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88E310BF-F1F6-4124-A875-81967B9B531E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B330F8F-F0DA-472C-A932-AD1D232C7DB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20D7966E-B02B-48C8-BF96-723DD6C25314"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3F39CB-C4C2-4B13-94F0-9E44322314BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4D975CBA-7F01-4A4C-991B-9571410C4F07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFA476-5021-4A00-859E-1643009D6156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E3A5DC-A237-46E4-A4E5-F135482F984A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D46E2E00-BA86-4002-B67B-2C1A6C1AAAE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91AD8BA2-EB8D-4D8B-B707-AF5C2A831998"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ac-acl-bypass-bwd7q6Gb",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20270",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T17:15:11.783",
"lastModified": "2023-11-01T17:16:31.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T16:18:39.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interacci\u00f3n entre el preprocesador del protocolo Server Message Block (SMB) y el motor de detecci\u00f3n Snort 3 para el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado omita las pol\u00edticas configuradas o provoque una Denegaci\u00f3n de Servicio (DoS) condici\u00f3n en un dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n de errores incorrecta cuando el motor de detecci\u00f3n de Snort 3 procesa el tr\u00e1fico SMB. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un flujo de paquetes SMB manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el proceso Snort se recargue, lo que resultar\u00eda en una condici\u00f3n DoS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,97 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-smbsnort3-dos-pfOjOYUV",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-23702",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.827",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:27:43.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <=\u00a01.1.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Pixelgrade Comments Ratings en versiones &lt;= 1.1.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pixelgrade:comments_rating:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.7",
"matchCriteriaId": "275A0A08-5E2B-4198-9519-55DE38DAFB52"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
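Review bot: The Spanish description added for CVE-2023-23702 carries an HTML entity, `&lt;= 1.1.7`, where the English text of the same record has a literal `<=`, and it misspells the weakness name as `Coss-Site Scripting`. A consumer that escapes on output will show the entity literally, while one that passes the text through as markup because it looks pre-escaped is trusting HTML from an external feed. The value should read `Cross-Site Scripting (XSS)` and end `en versiones <= 1.1.7.`, and every `descriptions[].value` should be handled as plain text and escaped by whatever renders it. The record looks mirrored from an upstream feed, so the correction probably belongs upstream rather than in this repository.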


@ -2,12 +2,16 @@
"id": "CVE-2023-24585",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-11-14T10:15:26.303",
"lastModified": "2023-11-14T10:15:26.303",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-25181",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-11-14T10:15:26.740",
"lastModified": "2023-11-14T10:15:26.740",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-27882",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-11-14T10:15:27.113",
"lastModified": "2023-11-14T10:15:27.113",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad de l\u00edmite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-28379",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-11-14T10:15:27.540",
"lastModified": "2023-11-14T10:15:27.540",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de l\u00edmite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-28391",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-11-14T10:15:27.937",
"lastModified": "2023-11-14T10:15:27.937",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de an\u00e1lisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-28794",
"sourceIdentifier": "cve@zscaler.com",
"published": "2023-11-06T08:15:22.037",
"lastModified": "2023-11-06T13:00:43.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:29:43.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@zscaler.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
},
{
"source": "cve@zscaler.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.3.1.6",
"matchCriteriaId": "58F93164-0E8D-4DDC-BE4E-8D09CC32B322"
}
]
}
]
}
],
"references": [
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-31247",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-11-14T10:15:28.393",
"lastModified": "2023-11-14T10:15:28.393",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de an\u00e1lisis de encabezados de HTTP Server Host de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-31403",
"sourceIdentifier": "cna@sap.com",
"published": "2023-11-14T01:15:07.413",
"lastModified": "2023-11-14T01:15:07.413",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.\n\n"
},
{
"lang": "es",
"value": "La instalaci\u00f3n de SAP Business One versi\u00f3n 10.0, no realiza comprobaciones de autenticaci\u00f3n y autorizaci\u00f3n adecuadas para la carpeta compartida SMB. Como resultado, cualquier usuario malintencionado puede leer y escribir en la carpeta compartida de SMB. Adem\u00e1s, los archivos de la carpeta se pueden ejecutar o utilizar en el proceso de instalaci\u00f3n, lo que genera un impacto considerable en la confidencialidad, la integridad y la disponibilidad."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2023-31498",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-11T11:15:09.193",
"lastModified": "2023-05-18T20:31:00.590",
"lastModified": "2023-11-14T16:22:52.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
"criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-31754",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T04:15:07.697",
"lastModified": "2023-11-14T04:15:07.697",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que la interfaz de usuario de Optimizely CMS anterior a v12.16.0 conten\u00eda una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s del panel de Administraci\u00f3n."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2023-34647",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T22:15:09.397",
"lastModified": "2023-07-06T15:20:13.683",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84591D56-973E-4C02-987B-150B222CAA5E"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8786D0-84DE-477A-82C7-36966A103FFD"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-34652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T21:15:10.167",
"lastModified": "2023-07-06T15:20:24.907",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84591D56-973E-4C02-987B-150B222CAA5E"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8786D0-84DE-477A-82C7-36966A103FFD"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-36375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T17:15:09.263",
"lastModified": "2023-11-07T04:16:33.420",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Modified",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-36376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T16:15:53.307",
"lastModified": "2023-11-07T04:16:34.357",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Modified",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-36529",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-03T17:15:08.830",
"lastModified": "2023-11-03T18:05:16.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:16:56.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Favethemes Houzez - Real Estate WordPress Theme permite la inyecci\u00f3n de SQL. Este problema afecta a Houzez - Real Estate WordPress Theme: desde n/a hasta 1.3.4."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
@ -23,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:favethemes:houzez:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.4",
"matchCriteriaId": "008F583B-0C08-4A26-B5BF-7C1B23D32C17"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/houzez-crm/wordpress-houzez-crm-plugin-1-3-3-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
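Review bot: The `cpeMatch` added in this record names `cpe:2.3:a:favethemes:houzez:*:*:*:*:*:wordpress:*:*` with `"versionEndIncluding": "1.3.4"`, but the only reference URL is a Patchstack entry whose slug reads `houzez-crm/wordpress-houzez-crm-plugin-1-3-3-sql-injection`. The two appear to describe different products and versions. The CPE follows the description text ("Houzez - Real Estate WordPress Theme ... through 1.3.4"), so the record is internally consistent, but inventory matching on the theme CPE alone would presumably miss a site that runs only the CRM plugin. Until the affected product is confirmed against the advisory, consumers should treat this match as provisional and also search assets for the `houzez-crm` plugin rather than rely on the CPE and the new 9.8 `baseScore` alone.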

@ -2,8 +2,8 @@
"id": "CVE-2023-36823",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-06T16:15:10.147",
"lastModified": "2023-07-13T15:25:33.460",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-14T16:15:27.467",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -106,6 +106,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html",
"source": "security-advisories@github.com"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-36939",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T18:15:10.963",
"lastModified": "2023-11-07T04:16:48.133",
"lastModified": "2023-11-14T16:36:13.640",
"vulnStatus": "Modified",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
"criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-3605",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T20:15:15.377",
"lastModified": "2023-11-07T04:19:07.830",
"lastModified": "2023-11-14T16:47:19.710",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.2
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -100,8 +100,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D11F3B-2D8E-47A6-B3D6-842866ED90F8"
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F791729D-028D-4D1B-8816-A64C299CEB2A"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-37772",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T01:15:10.850",
"lastModified": "2023-08-04T16:23:46.130",
"lastModified": "2023-11-14T16:47:19.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A"
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29"
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-38890",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T19:15:12.690",
"lastModified": "2023-08-22T00:57:39.623",
"lastModified": "2023-11-14T16:47:19.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks."
},
{
"lang": "es",
"value": "Online Shopping Portal Project v3.1 permite a atacantes remotos ejecutar comandos/consultas SQL arbitrarias a trav\u00e9s del formulario de inicio de sesi\u00f3n, lo que conduce a un acceso no autorizado y a una posible manipulaci\u00f3n de los datos. Esta vulnerabilidad surge debido a la insuficiente validaci\u00f3n de entrada proporcionada por el usuario en el campo de nombre de usuario, lo que permite ataques de inyecci\u00f3n SQL. "
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A"
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29"
}
]
}

@ -2,16 +2,40 @@
"id": "CVE-2023-39301",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-11-03T17:15:08.987",
"lastModified": "2023-11-03T18:05:16.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-14T15:29:43.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2514 build 20230906 and later\nQTS 5.1.1.2491 build 20230815 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.1.2488 build 20230812 and later\nQuTScloud c5.1.0.2498 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de Server-Side Request Forgery (SSRF) afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados leer datos de aplicaciones a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2514 compilaci\u00f3n 20230906 y posteriores QTS 5.1.1.2491 compilaci\u00f3n 20230815 y posteriores QuTS hero h5.0.1.2515 compilaci\u00f3n 20230907 y posteriores QuTS hero h5.1.1.2488 compilaci\u00f3n 20230812 y posteriores QuTScloud c5.1.0.2498 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +70,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.1.2491",
"matchCriteriaId": "FE4E63EE-19E3-4A18-B22C-8E5A178643E6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.1.2514",
"matchCriteriaId": "2B2C011A-E432-4F18-8661-E51F3A1E969A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionEndExcluding": "h5.1.1.2488",
"matchCriteriaId": "FC1722B6-35FA-4544-B22F-257DE9A7B9CF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionEndExcluding": "h5.0.1.2515",
"matchCriteriaId": "F2CBD911-61F2-4248-9918-67A34E049686"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c5.1.0.2498",
"matchCriteriaId": "3CDA1932-DFFE-40B4-B8A8-E84914C99601"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-51",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}
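Review bot: The added `configurations` give each QTS and QuTS hero branch its own `cpeMatch` with only `versionEndExcluding` and no `versionStartIncluding`, so the ranges overlap. `cpe:2.3:o:qnap:qts` below `5.1.1.2491` also matches the fixed `5.0.1.2514` build, and `cpe:2.3:o:qnap:quts_hero` below `h5.1.1.2488` likewise matches `h5.0.1.2515`. A consumer that ORs these entries will presumably keep flagging hosts already patched on the 5.0.1 branch, although the English description lists those builds as fixed. I would bound the 5.1.x entries from below, e.g. `"versionStartIncluding": "5.1.0"` on the QTS entry and the equivalent on QuTS hero (exact lower bounds to be confirmed against the QNAP advisory). Failing that, matching logic should cross-check the installed build against the description before alerting.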

@ -2,12 +2,16 @@
"id": "CVE-2023-41366",
"sourceIdentifier": "cna@sap.com",
"published": "2023-11-14T01:15:07.637",
"lastModified": "2023-11-14T01:15:07.637",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.\n\n"
},
{
"lang": "es",
"value": "Bajo ciertas condiciones SAP NetWeaver Application Server ABAP - versiones KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, permite que un atacante no autenticado acceda a datos no deseados debido a la falta de restricciones aplicadas, lo que puede generar un bajo impacto en la confidencialidad y ning\u00fan impacto en la integridad y disponibilidad de la aplicaci\u00f3n."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-41575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T19:15:44.087",
"lastModified": "2023-09-12T19:14:47.017",
"lastModified": "2023-11-14T16:42:49.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) Almacenado en /bbdms/sign-up.php de Blood Bank &amp; Donor Management v2.2 permiten a los atacantes ejecutar scripts web arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en los par\u00e1metros Nombre completo, Mensaje o Direcci\u00f3n."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blood_bank_\\&_donor_management_system_project:blood_bank_\\&_donor_management_system:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3A7305-2915-4C4F-9982-1C5C484E9C56"
"criteria": "cpe:2.3:a:phpgurukul:blood_bank_\\&_donor_management_system:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E9BDDD-F357-4BD5-B838-13F94312F836"
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-42325",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T04:15:07.753",
"lastModified": "2023-11-14T04:15:07.753",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Netgate pfSense v.2.7.0 permite a un atacante remoto obtener privilegios a trav\u00e9s de una URL manipulada para la p\u00e1gina status_logs_filter_dynamic.php."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-42326",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.587",
"lastModified": "2023-11-14T05:15:08.587",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components."
},
{
"lang": "es",
"value": "Un problema en Netgate pfSense v.2.7.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada a los componentes interfaces_gif_edit.php e interfaces_gre_edit.php."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-42327",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T04:15:07.800",
"lastModified": "2023-11-14T04:15:07.800",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Netgate pfSense v.2.7.0 permite a un atacante remoto obtener privilegios a trav\u00e9s de una URL manipulada para la p\u00e1gina getserviceproviders.php."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-42480",
"sourceIdentifier": "cna@sap.com",
"published": "2023-11-14T01:15:07.907",
"lastModified": "2023-11-14T01:15:07.907",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids.\u00a0This will have an impact on confidentiality but there is no other impact on integrity or availability.\n\n"
},
{
"lang": "es",
"value": "El atacante no autenticado en la aplicaci\u00f3n NetWeaver AS Java Logon versi\u00f3n 7.50 puede forzar la funcionalidad de inicio de sesi\u00f3n para identificar los ID de usuario leg\u00edtimos. Esto tendr\u00e1 un impacto en la confidencialidad, pero no hay ning\u00fan otro impacto en la integridad o disponibilidad."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-42813",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:07.473",
"lastModified": "2023-11-13T21:15:07.473",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild."
},
{
"lang": "es",
"value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. El componente vulnerable en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda las certificaciones. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-42814",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:07.730",
"lastModified": "2023-11-13T21:15:07.730",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild.\n"
},
{
"lang": "es",
"value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. El componente vulnerable en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda las certificaciones. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-42815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:07.940",
"lastModified": "2023-11-13T21:15:07.940",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild."
},
{
"lang": "es",
"value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. La vulnerabilidad estaba en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda firmas. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-42816",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-13T21:15:08.127",
"lastModified": "2023-11-13T21:15:08.127",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:58.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild."
},
{
"lang": "es",
"value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. La vulnerabilidad estaba en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda firmas. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-43503",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:11.297",
"lastModified": "2023-11-14T11:15:11.297",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en COMOS (Todas las versiones &lt; V10.4.4). El sistema de almacenamiento en cach\u00e9 de la aplicaci\u00f3n afectada filtra informaci\u00f3n confidencial, como informaci\u00f3n del usuario y del proyecto, en texto plano a trav\u00e9s de UDP."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-43504",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:11.600",
"lastModified": "2023-11-14T11:15:11.600",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en COMOS (Todas las versiones &lt; V10.4.4). El ejecutable de Ptmcast utilizado para probar el servicio de validaci\u00f3n de cach\u00e9 en la aplicaci\u00f3n afectada es vulnerable al desbordamiento del b\u00fafer basado en Structured Exception Handler (SEH). Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario en el sistema de destino o provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-43505",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:11.853",
"lastModified": "2023-11-14T11:15:11.853",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en COMOS (todas las versiones). La aplicaci\u00f3n afectada carece de controles de acceso adecuados en los recursos compartidos de SMB. Esto podr\u00eda permitir que un atacante acceda a archivos a los que el usuario no deber\u00eda tener acceso."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-43900",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.700",
"lastModified": "2023-11-14T05:15:08.700",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters."
},
{
"lang": "es",
"value": "Insecure Direct Object References (IDOR) en EMSigner v2.8.7 permiten a los atacantes obtener acceso no autorizado al contenido de la aplicaci\u00f3n y ver datos confidenciales de otros usuarios mediante la manipulaci\u00f3n de los par\u00e1metros documentID y EncryptedDocumentId."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-43901",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.767",
"lastModified": "2023-11-14T05:15:08.767",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user."
},
{
"lang": "es",
"value": "El control de acceso incorrecto en el formulario de creaci\u00f3n de Usuarios AdHoc de EMSigner v2.8.7 permite a atacantes no autenticados modificar arbitrariamente nombres de usuarios y privilegios utilizando la direcci\u00f3n de correo electr\u00f3nico de un usuario registrado."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-43902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T05:15:08.833",
"lastModified": "2023-11-14T05:15:08.833",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:50.200",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token."
},
{
"lang": "es",
"value": "El control de acceso incorrecto en la funci\u00f3n Forgot Your Password de EMSigner v2.8.7 permite a atacantes no autenticados acceder a las cuentas de todos los usuarios registrados, incluidos aquellos con privilegios de administrador, a trav\u00e9s de un token de restablecimiento de contrase\u00f1a manipulado."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-44317",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.067",
"lastModified": "2023-11-14T11:15:12.067",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos productos afectados no validan adecuadamente el contenido de los certificados X509 cargados, lo que podr\u00eda permitir a un atacante con privilegios administrativos ejecutar c\u00f3digo arbitrario en el dispositivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44318",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.287",
"lastModified": "2023-11-14T11:15:12.287",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados utilizan una clave codificada para ocultar la copia de seguridad de la configuraci\u00f3n que un administrador puede exportar desde el dispositivo. Esto podr\u00eda permitir que un atacante autenticado con privilegios administrativos o un atacante que obtenga una copia de seguridad de la configuraci\u00f3n extraiga informaci\u00f3n de configuraci\u00f3n del archivo exportado."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44319",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.510",
"lastModified": "2023-11-14T11:15:12.510",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados utilizan un algoritmo de suma de comprobaci\u00f3n d\u00e9bil para proteger la copia de seguridad de la configuraci\u00f3n que un administrador puede exportar desde el dispositivo. Esto podr\u00eda permitir que un atacante autenticado con privilegios administrativos o un atacante que enga\u00f1e a un administrador leg\u00edtimo cargue un archivo de configuraci\u00f3n modificado para cambiar la configuraci\u00f3n de un dispositivo afectado."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44320",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.757",
"lastModified": "2023-11-14T11:15:12.757",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados no validan adecuadamente la autenticaci\u00f3n al realizar ciertas modificaciones en la interfaz web, lo que permite que un atacante autenticado influya en la interfaz de usuario configurada por un administrador."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44321",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.973",
"lastModified": "2023-11-14T11:15:12.973",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados no validan adecuadamente la longitud de las entradas al realizar ciertos cambios de configuraci\u00f3n en la interfaz web, lo que permite que un atacante autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio. Es necesario reiniciar el dispositivo para que la interfaz web vuelva a estar disponible."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44322",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.187",
"lastModified": "2023-11-14T11:15:13.187",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (V &lt; 4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (V &lt; 4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados se pueden configurar para enviar correos electr\u00f3nicos cuando ocurren ciertos eventos en el dispositivo. Cuando se presenta una respuesta no v\u00e1lida del servidor SMTP, el dispositivo genera un error que interrumpe el env\u00edo de correo electr\u00f3nico. Un atacante con acceso a la red puede usar esto para desactivar la notificaci\u00f3n a los usuarios cuando ocurren ciertos eventos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44373",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.417",
"lastModified": "2023-11-14T11:15:13.417",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V &lt; 4.5), \nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB208 (E/IP) (V &lt; 4.5), \nSCALANCE XB208 (PN) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V &lt; 4.5), \nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5), \nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5), \nSCALANCE XB216 (E/IP) (V &lt; 4.5), \nSCALANCE XB216 (PN) (V &lt; 4.5), \nSCALANCE XC206-2 (SC ) (V &lt; 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5), \nSCALANCE XC206-2G PoE (V &lt; 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5), y\nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5), \nSCALANCE XC206-2SFP (V &lt; 4.5), \nSCALANCE XC206-2SFP EEC ( V &lt; 4.5), \nSCALANCE XC206-2SFP G (V &lt; 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5), \nSCALANCE XC206-2SFP G EEC (V &lt; 4.5), \nSCALANCE XC208 (V &lt; 4.5), \nSCALANCE XC208EEC (V &lt; 4.5), \nSCALANCE XC208G (V &lt; 4.5), \nSCALANCE XC208G (EIP def.) (V &lt; 4.5), \nSCALANCE XC208G EEC (V &lt; 4.5), \nSCALANCE XC208G PoE (V &lt; 4.5), \nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216 (todas versiones &lt; V4.5), \nSCALANCE XC216-3G PoE (V &lt; 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5), \nSCALANCE XC216-4C (V &lt; 4. 5), \nSCALANCE XC216-4C G (V &lt; 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5), \nSCALANCE XC216-4C G EEC (V &lt; 4.5) , \nSCALANCE XC216EEC (V &lt; 4.5), \nSCALANCE XC224 (V &lt; 4.5), \nSCALANCE XC224-4C G (V &lt; 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5), \nSCALANCE XC224-4C G EEC (V &lt; 4.5), \nSCALANCE XF204 (V &lt; 4.5), \nSCALANCE XF204 DNA (V &lt; 4.5), \nSCALANCE XF204-2BA (Todas versiones &lt; V4.5), \nSCALANCE XF204-2BA DNA (V &lt; 4.5), \nSCALANCE XP208 (V &lt; 4.5), \nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP208EEC (V &lt; 4.5), \nSCALANCE XP208PoE EEC (V &lt; 4.5), \nSCALANCE XP216 (V &lt; 4.5), \nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5), \nSCALANCE XP216EEC (V &lt; 4.5), \nSCALANCE XP216POE EEC (V &lt; 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (V &lt; 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5), \nSIPLUS NET SCALANCE XC208 (V &lt; 4.5), \nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados no sanitizan adecuadamente un campo de entrada. Esto podr\u00eda permitir que un atacante remoto autenticado con privilegios administrativos inyecte c\u00f3digo o genere un root shell del sistema. Seguimiento del CVE-2022-36323."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-44374",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.753",
"lastModified": "2023-11-14T11:15:13.753",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:45.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) 
(All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nSCALANCE XB205-3 (SC, PN) (V &lt; 4.5),\nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5),\nSCALANCE XB205-3 (ST, E/IP) (V &lt; 4.5),\nSCALANCE XB205-3 (ST, PN) (V &lt; 4.5),\nSCALANCE XB205-3LD (SC, E/IP) (V &lt; 4.5),\nSCALANCE XB205-3LD (SC, PN) (V &lt; 4.5),\nSCALANCE XB208 (E/IP) (V &lt; 4.5),\nSCALANCE XB208 (PN) (V &lt; 4.5),\nSCALANCE XB213-3 (SC, E/IP) (V &lt; 4.5),\nSCALANCE XB213-3 (SC, PN) (V &lt; 4.5),\nSCALANCE XB213-3 (ST, E/IP) (V &lt; 4.5),\nSCALANCE XB213-3 (ST, PN) (V &lt; 4.5),\nSCALANCE XB213-3LD (SC, E/IP) (V &lt; 4.5),\nSCALANCE XB213-3LD (SC, PN) (V &lt; 4.5),\nSCALANCE XB216 (E/IP) (V &lt; 4.5),\nSCALANCE XB216 (PN) (V &lt; 4.5),\nSCALANCE XC206-2 (SC) (V &lt; 4.5),\nSCALANCE XC206-2 (ST/BFOC) (V &lt; 4.5),\nSCALANCE XC206-2G PoE (V &lt; 4.5),\nSCALANCE XC206-2G PoE (54 V DC) (V &lt; 4.5),\nSCALANCE XC206-2G PoE EEC (54 V DC) (V &lt; 4.5),\nSCALANCE XC206-2SFP (V &lt; 4.5),\nSCALANCE XC206-2SFP EEC (V &lt; 4.5),\nSCALANCE XC206-2SFP G (V &lt; 4.5),\nSCALANCE XC206-2SFP G (EIP DEF.) (V &lt; 4.5),\nSCALANCE XC206-2SFP G EEC (V &lt; 4.5),\nSCALANCE XC208 (V &lt; 4.5),\nSCALANCE XC208EEC (V &lt; 4.5),\nSCALANCE XC208G (V &lt; 4.5),\nSCALANCE XC208G (EIP def.) (V &lt; 4.5),\nSCALANCE XC208G EEC (V &lt; 4.5),\nSCALANCE XC208G PoE (V &lt; V4.5),\nSCALANCE XC208G PoE (54 V DC) (V &lt; 4.5),\nSCALANCE XC216 (V &lt; 4.5),\nSCALANCE XC216-3G PoE (V &lt; V4.5),\nSCALANCE XC216-3G PoE (54 V DC) (V &lt; 4.5),\nSCALANCE XC216-4C (V &lt; 4.5),\nSCALANCE XC216-4C G (V &lt; 4.5),\nSCALANCE XC216-4C G (EIP Def.) (V &lt; 4.5),\nSCALANCE XC216-4C G EEC (V &lt; 4.5),\nSCALANCE XC216EEC (V &lt; 4.5),\nSCALANCE XC224 (V &lt; 4.5),\nSCALANCE XC224-4C G (V &lt; 4.5),\nSCALANCE XC224-4C G (EIP Def.) 
(V &lt; 4.5),\nSCALANCE XC224-4C G EEC (V &lt; 4.5),\nSCALANCE XF204 (V &lt; 4.5),\nSCALANCE XF204 DNA (V &lt; 4.5),\nSCALANCE XF204-2BA (V &lt; 4.5),\nSCALANCE XF204-2BA DNA (V &lt; 4.5),\nSCALANCE XP208 (V &lt; 4.5),\nSCALANCE XP208 (Ethernet/IP) (V &lt; 4.5),\nSCALANCE XP208EEC (V &lt; 4.5),\nSCALANCE XP208PoE EEC (V &lt; 4.5),\nSCALANCE XP216 (V &lt; 4.5),\nSCALANCE XP216 (Ethernet/IP) (V &lt; 4.5),\nSCALANCE XP216EEC (V &lt; 4.5),\nSCALANCE XP216POE EEC (V &lt; 4.5),\nSCALANCE XR324WG (24 x FE, AC 230V) (V &lt; 4.5),\nSCALANCE XR324WG (24 X FE, DC 24V) (V &lt; 4.5),\nSCALANCE XR326-2C PoE WG (V &lt; 4.5),\nSCALANCE XR326-2C PoE WG (sin UL) (V &lt; 4.5),\nSCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (V &lt; 4.5),\nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V &lt; 4.5),\nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5),\nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V &lt; 4.5),\nSCALANCE XR328-4C WG (28xGE, AC 230V) (V &lt; 4.5),\nSCALANCE XR328-4C WG (28xGE, DC 24V) (V &lt; 4.5),\nSIPLUS NET SCALANCE XC206-2 (V &lt; 4.5),\nSIPLUS NET SCALANCE XC206-2SFP (V &lt; 4.5),\nSIPLUS NET SCALANCE XC208 (V &lt; 4.5),\nSIPLUS NET SCALANCE XC216-4C (V &lt; 4.5).\nLos dispositivos afectados permiten cambiar la contrase\u00f1a, pero no comprueban suficientemente qu\u00e9 contrase\u00f1a se debe cambiar. Con esto, un atacante autenticado podr\u00eda, bajo ciertas condiciones, cambiar la contrase\u00f1a de otro usuario administrador potencial, permiti\u00e9ndole escalar sus privilegios."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-45558",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T03:15:09.210",
"lastModified": "2023-11-14T03:15:09.210",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en Golden v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtraci\u00f3n del token de acceso al canal."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-45560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-14T03:15:09.263",
"lastModified": "2023-11-14T03:15:09.263",
"vulnStatus": "Received",
"lastModified": "2023-11-14T15:15:54.130",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la tarjeta de miembro de Yasukawa v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtraci\u00f3n del token de acceso al canal."
}
],
"metrics": {},
