diff --git a/CVE-2017/CVE-2017-160xx/CVE-2017-16020.json b/CVE-2017/CVE-2017-160xx/CVE-2017-16020.json index c60b314c119..4395dfb99ba 100644 --- a/CVE-2017/CVE-2017-160xx/CVE-2017-16020.json +++ b/CVE-2017/CVE-2017-160xx/CVE-2017-16020.json @@ -2,8 +2,8 @@ "id": "CVE-2017-16020", "sourceIdentifier": "support@hackerone.com", "published": "2018-06-04T19:29:01.240", - "lastModified": "2019-10-09T23:24:37.097", - "vulnStatus": "Modified", + "lastModified": "2023-11-14T15:16:29.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -96,8 +96,8 @@ "vulnerable": true, "criteria": "cpe:2.3:a:summit_project:summit:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "0.1.0", - "versionEndIncluding": "0.1.22", - "matchCriteriaId": "59170DBC-C5A5-4A93-A11D-EABF4C662880" + "versionEndIncluding": "0.1.21", + "matchCriteriaId": "1B6D8179-37B3-4F00-BFA8-289258635FE8" } ] } diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json index 24268591c0f..92b1fa2211c 100644 --- a/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json +++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25092.json @@ -2,8 +2,8 @@ "id": "CVE-2018-25092", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-05T21:15:09.357", - "lastModified": "2023-11-07T02:56:34.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:20:42.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
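Review bot: The NVD metric block in the second hunk of CVE-2017-16020.json moves from the `cvssMetricV30` key to `cvssMetricV31`, so a consumer that reads only `metrics.cvssMetricV30` will find no NVD score for this record after the update. The vector components visible in the hunk are unchanged apart from the `CVSS:3.1` prefix, so the severity presumably does not move; the base score lines fall outside the hunk. Feed readers should select the highest `cvssMetricV3x` key present rather than a fixed one.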
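Review bot: Lowering `versionEndIncluding` from `0.1.22` to `0.1.21` in the last hunk of CVE-2017-16020.json drops 0.1.22 from the affected range, and nothing visible in the diff states why. Scanners that match installed versions against this `cpeMatch` entry will stop reporting 0.1.22, so the new bound is worth checking against the record's references before relying on it. The `matchCriteriaId` also changes to `1B6D8179-37B3-4F00-BFA8-289258635FE8`, so any cache or suppression keyed on the old ID no longer points at a live entry.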
@@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -39,7 +59,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -65,8 +85,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
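Review bot: In the first hunk the new `nvd@nist.gov` `Primary` entry is inserted ahead of the CNA entry in `cvssMetricV31`, so code that takes element `[0]` of the array now gets the NVD 9.8 score rather than the CNA one; selection should be by `type` or `source`, not by position. This hunk and the two after it also replace the source UUID `1af790b2-7ee1-4545-860a-a788eba489b5` with `cna@vuldb.com`, which breaks any filter keyed on the UUID. In the `weaknesses` hunk the Primary value becomes `NVD-CWE-Other` and the CNA classification is demoted to `Secondary`, so a CWE filter that reads only Primary entries loses the specific weakness. The CVE-2018-25093.json hunks carry the same three changes, and CVE-2022-3172.json has the same Primary-first insertion.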
@@ -75,22 +105,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vaerys-dawn:discordsailv2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.10.3", + "matchCriteriaId": "B44FDAD3-1B54-4735-98CA-AEB910A3322A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.244483", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.244483", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json index c88933ae04f..0483160c9e6 100644 --- a/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json +++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json @@ -2,8 +2,8 @@ "id": "CVE-2018-25093", "sourceIdentifier": "cna@vuldb.com", "published": "2023-11-06T01:15:08.690", - "lastModified": "2023-11-07T02:56:34.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:23:21.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,7 +17,27 @@ "metrics": { "cvssMetricV31": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -39,7 +59,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -65,8 +85,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -75,22 +105,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vaerys-dawn:discordsailv2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.10.3", + "matchCriteriaId": "B44FDAD3-1B54-4735-98CA-AEB910A3322A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.244484", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.244484", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22164.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22164.json index 3a5ffbd9b27..2eace991b14 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22164.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22164.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22164", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:13.093", - "lastModified": "2021-06-24T13:33:30.607", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } 
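Review bot: The `criteria` string in the CVE-2020-22164.json `cpeMatch` hunk is renamed from the `hospital_management_system_in_php` product to `cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*` with a new `matchCriteriaId`, and the old name and ID disappear from the record with no alias left behind. Inventories, allow-lists or suppressions pinned to the old CPE name or to `05FF7CFC-733D-443A-8114-7D274283B088` will silently stop matching and need re-keying to `DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF`. The identical rename recurs in the other `hospital_management_system_in_php` records in this diff, and the `*_project` vendor entries (hostel, tourism, car rental, online shopping, hospital) are moved under `phpgurukul` in the same way.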
diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22165.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22165.json index 161abc1e526..0e0368b54eb 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22165.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22165.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22165", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:14.150", - "lastModified": "2021-06-24T13:37:48.103", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22166.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22166.json index f8984be16da..8a90d7582f9 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22166.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22166.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22166", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:15.680", - "lastModified": "2021-06-24T13:38:16.170", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22167.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22167.json index 44eed60f661..dab58d78e8f 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22167.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22167.json 
@@ -2,7 +2,7 @@ "id": "CVE-2020-22167", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:15.803", - "lastModified": "2021-06-24T13:39:48.873", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22168.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22168.json index 0446370ac93..f590b21f4fa 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22168.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22168.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22168", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.107", - "lastModified": "2021-06-24T13:38:52.490", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22169.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22169.json index c9c1e59d3ee..05f0379aa60 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22169.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22169.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22169", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.150", - "lastModified": "2021-06-24T13:40:03.230", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22170.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22170.json index 95bd61e6e35..5a999e3d9c1 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22170.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22170.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22170", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.187", - "lastModified": "2021-06-24T13:40:37.310", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22171.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22171.json index 6640c583ad6..35934365e2d 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22171.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22171.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22171", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.220", - "lastModified": "2021-06-24T13:41:13.233", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22172.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22172.json index 6e20da50d4d..dcc78488fe0 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22172.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22172.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22172", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.253", - "lastModified": "2021-06-24T13:41:25.583", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22173.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22173.json index 5f997c71a01..85030fec6ce 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22173.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22173.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22173", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.287", - "lastModified": "2021-06-24T13:43:45.900", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22174.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22174.json index 158e490c5ad..f9944baaf05 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22174.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22174.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22174", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.323", - "lastModified": "2021-06-24T13:44:50.607", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22175.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22175.json index 120bbe9b0fe..4e0043b62df 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22175.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22175.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22175", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.360", - "lastModified": "2021-06-24T13:45:05.023", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-221xx/CVE-2020-22176.json b/CVE-2020/CVE-2020-221xx/CVE-2020-22176.json index 0899fc05573..7c04f946d38 100644 --- a/CVE-2020/CVE-2020-221xx/CVE-2020-22176.json +++ b/CVE-2020/CVE-2020-221xx/CVE-2020-22176.json @@ -2,7 +2,7 @@ "id": "CVE-2020-22176", "sourceIdentifier": "cve@mitre.org", "published": "2021-06-22T15:15:16.393", - "lastModified": "2022-06-28T14:11:45.273", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -88,8 +88,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-252xx/CVE-2020-25270.json b/CVE-2020/CVE-2020-252xx/CVE-2020-25270.json index 3853fe824fe..0deff83365e 100644 --- a/CVE-2020/CVE-2020-252xx/CVE-2020-25270.json +++ b/CVE-2020/CVE-2020-252xx/CVE-2020-25270.json @@ -2,7 +2,7 @@ "id": "CVE-2020-25270", "sourceIdentifier": "cve@mitre.org", "published": "2020-10-08T13:15:10.987", - "lastModified": "2023-02-27T17:27:17.307", + "lastModified": "2023-11-14T16:36:13.640", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*", - "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336" + "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178" } ] } diff --git a/CVE-2020/CVE-2020-252xx/CVE-2020-25271.json b/CVE-2020/CVE-2020-252xx/CVE-2020-25271.json index 9c9a1f412ab..5c138e23174 100644 --- a/CVE-2020/CVE-2020-252xx/CVE-2020-25271.json +++ b/CVE-2020/CVE-2020-252xx/CVE-2020-25271.json @@ -2,7 +2,7 @@ "id": "CVE-2020-25271", "sourceIdentifier": "cve@mitre.org", "published": "2020-10-08T13:15:11.047", - "lastModified": "2020-10-16T20:32:05.747", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-281xx/CVE-2020-28136.json b/CVE-2020/CVE-2020-281xx/CVE-2020-28136.json index d90de89f2f0..f13ac266f43 100644 --- a/CVE-2020/CVE-2020-281xx/CVE-2020-28136.json +++ b/CVE-2020/CVE-2020-281xx/CVE-2020-28136.json @@ -2,7 +2,7 @@ "id": "CVE-2020-28136", "sourceIdentifier": "cve@mitre.org", "published": "2020-11-17T20:15:11.300", - "lastModified": "2020-12-01T16:44:29.417", + "lastModified": "2023-11-14T16:30:23.447", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:tourism_management_system_project:tourism_management_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "39CBB56F-53D8-46A6-8DA6-851E8E9E5076" + "criteria": "cpe:2.3:a:phpgurukul:tourism_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E790B49F-53C5-4DD8-AD13-EC40116B221E" } ] } diff --git a/CVE-2020/CVE-2020-357xx/CVE-2020-35745.json b/CVE-2020/CVE-2020-357xx/CVE-2020-35745.json index a2504344f8a..d62d3f51096 100644 --- a/CVE-2020/CVE-2020-357xx/CVE-2020-35745.json +++ b/CVE-2020/CVE-2020-357xx/CVE-2020-35745.json @@ -2,7 +2,7 @@ "id": "CVE-2020-35745", "sourceIdentifier": "cve@mitre.org", "published": "2021-01-07T21:15:13.120", - "lastModified": "2023-11-07T03:22:03.210", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Modified", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-51xx/CVE-2020-5191.json b/CVE-2020/CVE-2020-51xx/CVE-2020-5191.json index 520a56a705b..94b755da174 100644 --- a/CVE-2020/CVE-2020-51xx/CVE-2020-5191.json +++ b/CVE-2020/CVE-2020-51xx/CVE-2020-5191.json @@ -2,7 +2,7 @@ "id": "CVE-2020-5191", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-06T01:15:10.840", - "lastModified": "2020-01-10T18:43:30.727", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-51xx/CVE-2020-5192.json b/CVE-2020/CVE-2020-51xx/CVE-2020-5192.json index 99f0bd953ae..562532f90bf 100644 --- a/CVE-2020/CVE-2020-51xx/CVE-2020-5192.json +++ b/CVE-2020/CVE-2020-51xx/CVE-2020-5192.json @@ -2,7 +2,7 @@ "id": "CVE-2020-5192", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-06T01:15:10.917", - "lastModified": "2020-01-13T21:12:30.963", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-51xx/CVE-2020-5193.json b/CVE-2020/CVE-2020-51xx/CVE-2020-5193.json index 5a412033ec2..81f96d7ee3d 100644 --- a/CVE-2020/CVE-2020-51xx/CVE-2020-5193.json +++ b/CVE-2020/CVE-2020-51xx/CVE-2020-5193.json @@ -2,7 +2,7 @@ "id": "CVE-2020-5193", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-14T18:15:11.727", - "lastModified": "2020-01-21T16:03:05.557", + "lastModified": "2023-11-14T16:21:41.177", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2020/CVE-2020-55xx/CVE-2020-5510.json b/CVE-2020/CVE-2020-55xx/CVE-2020-5510.json index 14b3db9dad3..8afc3e9fc74 100644 --- a/CVE-2020/CVE-2020-55xx/CVE-2020-5510.json +++ b/CVE-2020/CVE-2020-55xx/CVE-2020-5510.json @@ -2,7 +2,7 @@ "id": "CVE-2020-5510", "sourceIdentifier": "cve@mitre.org", "published": "2020-01-08T18:15:13.963", - "lastModified": "2023-07-31T13:05:21.247", + "lastModified": "2023-11-14T16:36:13.640", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "D8A7C521-537B-4A80-BE80-E4F66254C027" + "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EFD71D7C-E606-4658-9B2C-5F9BF8279AFE" } ] } diff --git a/CVE-2021/CVE-2021-268xx/CVE-2021-26809.json b/CVE-2021/CVE-2021-268xx/CVE-2021-26809.json index 9a62c2d46b6..4c519143355 100644 --- a/CVE-2021/CVE-2021-268xx/CVE-2021-26809.json +++ b/CVE-2021/CVE-2021-268xx/CVE-2021-26809.json @@ -2,7 +2,7 @@ "id": "CVE-2021-26809", "sourceIdentifier": "cve@mitre.org", "published": "2021-02-17T15:15:13.673", - "lastModified": "2021-02-26T18:35:20.627", + "lastModified": "2023-11-14T16:33:11.120", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:car_rental_portal_project:car_rental_portal:2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "98818E63-D361-4A0A-A41F-AC06F27D4A1D" + "criteria": "cpe:2.3:a:phpgurukul:car_rental_portal:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "966C918E-9D08-4392-91DD-7B25971858E1" } ] } diff --git a/CVE-2021/CVE-2021-353xx/CVE-2021-35387.json b/CVE-2021/CVE-2021-353xx/CVE-2021-35387.json index df14b31fde4..0808ec5dea3 100644 --- a/CVE-2021/CVE-2021-353xx/CVE-2021-35387.json +++ b/CVE-2021/CVE-2021-353xx/CVE-2021-35387.json @@ -2,12 +2,16 @@ "id": "CVE-2021-35387", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-28T15:15:12.697", - "lastModified": "2022-10-28T18:31:52.523", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php." + }, + { + "lang": "es", + "value": "Hospital Management System v 4.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del archivo: hospital/hms/admin/view-patient.php." } ], "metrics": { @@ -55,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2021/CVE-2021-353xx/CVE-2021-35388.json b/CVE-2021/CVE-2021-353xx/CVE-2021-35388.json index ae09cc74547..5a5430e951c 100644 --- a/CVE-2021/CVE-2021-353xx/CVE-2021-35388.json +++ b/CVE-2021/CVE-2021-353xx/CVE-2021-35388.json 
@@ -2,12 +2,16 @@ "id": "CVE-2021-35388", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-28T15:15:13.600", - "lastModified": "2022-10-28T18:33:17.107", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php." + }, + { + "lang": "es", + "value": "Hospital Management System v 4.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /hospital/hms/admin/patient-search.php." } ], "metrics": { @@ -55,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2021/CVE-2021-378xx/CVE-2021-37807.json b/CVE-2021/CVE-2021-378xx/CVE-2021-37807.json index e451f613b2c..9c3d68e8b07 100644 --- a/CVE-2021/CVE-2021-378xx/CVE-2021-37807.json +++ b/CVE-2021/CVE-2021-378xx/CVE-2021-37807.json @@ -2,7 +2,7 @@ "id": "CVE-2021-37807", "sourceIdentifier": "cve@mitre.org", "published": "2021-10-27T17:15:10.663", - "lastModified": "2021-11-03T00:04:18.327", + "lastModified": "2023-11-14T16:47:19.710", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A" + "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29" } ] } diff --git a/CVE-2021/CVE-2021-394xx/CVE-2021-39411.json b/CVE-2021/CVE-2021-394xx/CVE-2021-39411.json index 6acb41a3b36..183405ff881 100644 
--- a/CVE-2021/CVE-2021-394xx/CVE-2021-39411.json +++ b/CVE-2021/CVE-2021-394xx/CVE-2021-39411.json @@ -2,7 +2,7 @@ "id": "CVE-2021-39411", "sourceIdentifier": "cve@mitre.org", "published": "2021-11-05T15:15:07.790", - "lastModified": "2021-11-09T15:02:13.887", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2021/CVE-2021-431xx/CVE-2021-43137.json b/CVE-2021/CVE-2021-431xx/CVE-2021-43137.json index 8b9d48a623b..75614cf3b70 100644 --- a/CVE-2021/CVE-2021-431xx/CVE-2021-43137.json +++ b/CVE-2021/CVE-2021-431xx/CVE-2021-43137.json @@ -2,7 +2,7 @@ "id": "CVE-2021-43137", "sourceIdentifier": "cve@mitre.org", "published": "2021-12-01T20:15:08.327", - "lastModified": "2023-02-24T15:50:50.677", + "lastModified": "2023-11-14T16:36:13.640", "vulnStatus": "Analyzed", "descriptions": [ { @@ -88,8 +88,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*", - "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336" + "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178" } ] } diff --git a/CVE-2021/CVE-2021-461xx/CVE-2021-46110.json b/CVE-2021/CVE-2021-461xx/CVE-2021-46110.json index 95fc3e4e584..3e57b8fc9e9 100644 --- a/CVE-2021/CVE-2021-461xx/CVE-2021-46110.json +++ b/CVE-2021/CVE-2021-461xx/CVE-2021-46110.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-46110", "sourceIdentifier": "cve@mitre.org", "published": "2022-02-18T21:15:13.000", - "lastModified": "2022-02-24T21:15:28.577", + "lastModified": "2023-11-14T16:47:19.710", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A" + "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29" } ] } diff --git a/CVE-2022/CVE-2022-242xx/CVE-2022-24226.json b/CVE-2022/CVE-2022-242xx/CVE-2022-24226.json index 646bfe4f17f..0b74c2692ed 100644 --- a/CVE-2022/CVE-2022-242xx/CVE-2022-24226.json +++ b/CVE-2022/CVE-2022-242xx/CVE-2022-24226.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24226", "sourceIdentifier": "cve@mitre.org", "published": "2022-02-15T16:15:09.093", - "lastModified": "2022-02-23T13:57:00.590", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2022/CVE-2022-242xx/CVE-2022-24263.json b/CVE-2022/CVE-2022-242xx/CVE-2022-24263.json index 06d5eef0dc5..bc4c848f0d4 100644 --- a/CVE-2022/CVE-2022-242xx/CVE-2022-24263.json +++ b/CVE-2022/CVE-2022-242xx/CVE-2022-24263.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24263", "sourceIdentifier": "cve@mitre.org", "published": "2022-01-31T22:15:07.733", - "lastModified": "2022-02-11T18:01:15.347", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2022/CVE-2022-246xx/CVE-2022-24646.json b/CVE-2022/CVE-2022-246xx/CVE-2022-24646.json index d5d380f2d12..f8219079881 100644 --- a/CVE-2022/CVE-2022-246xx/CVE-2022-24646.json +++ b/CVE-2022/CVE-2022-246xx/CVE-2022-24646.json @@ -2,7 +2,7 @@ "id": "CVE-2022-24646", "sourceIdentifier": "cve@mitre.org", "published": "2022-02-10T23:15:08.043", - "lastModified": "2022-02-17T03:03:55.487", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30930.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30930.json index ca6ef3141f0..739b614100b 100644 --- a/CVE-2022/CVE-2022-309xx/CVE-2022-30930.json +++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30930.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30930", "sourceIdentifier": "cve@mitre.org", "published": "2022-06-14T17:15:08.287", - "lastModified": "2023-11-07T03:47:26.333", + "lastModified": "2023-11-14T16:30:23.447", "vulnStatus": "Modified", "descriptions": [ { 
@@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:tourism_management_system_project:tourism_management_system:3.2:*:*:*:*:*:*:*", - "matchCriteriaId": "CE3B6E82-DAB7-439F-A7FD-24550157D3E7" + "criteria": "cpe:2.3:a:phpgurukul:tourism_management_system:3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "FEBB55C7-422D-4A88-B43A-68E542E9D643" } ] } diff --git a/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json b/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json index 11bbf5e96b9..aa491966cd6 100644 --- a/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json +++ b/CVE-2022/CVE-2022-31xx/CVE-2022-3172.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3172", "sourceIdentifier": "jordan@liggitt.net", "published": "2023-11-03T20:15:08.550", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:26:22.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + }, { "source": "jordan@liggitt.net", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "jordan@liggitt.net", "type": "Secondary", 
@@ -50,14 +80,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.21.14", + "matchCriteriaId": "D740494E-6332-4421-BE43-C0CEB179CBA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.22.0", + "versionEndExcluding": "1.22.14", + "matchCriteriaId": "57CC215D-A8DA-4D7F-8FF6-A1FC8451DEDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.23.0", + "versionEndExcluding": "1.23.11", + "matchCriteriaId": "1E67C91E-260F-4C6B-BEE1-44B9C7F29C35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.24.0", + "versionEndExcluding": "1.24.5", + "matchCriteriaId": "9D2847AF-B9A8-40FF-AED5-0BBAEF012BA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A049EC76-7250-484F-99AE-BBF05EA04225" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kubernetes/kubernetes/issues/112513", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak", - "source": "jordan@liggitt.net" + "source": "jordan@liggitt.net", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42205.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42205.json index c9dd4eefebf..aa398043bb9 100644 --- a/CVE-2022/CVE-2022-422xx/CVE-2022-42205.json +++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42205.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-42205", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-21T13:15:09.677", - "lastModified": "2022-10-21T20:26:16.543", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42206.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42206.json index fde6685fb49..10a7ec9961f 100644 --- a/CVE-2022/CVE-2022-422xx/CVE-2022-42206.json +++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42206.json @@ -2,7 +2,7 @@ "id": "CVE-2022-42206", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-21T13:15:09.723", - "lastModified": "2022-10-21T20:26:24.660", + "lastModified": "2023-11-14T16:22:52.857", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807" + "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF" } ] } diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json index 35f047f54cd..c8ef3dd635b 100644 --- a/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json +++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json 
@@ -2,15 +2,42 @@ "id": "CVE-2022-45373", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.547", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:36:25.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Jason Crouse, VeronaLabs Slimstat Analytics permite la inyecci\u00f3n SQL. Este problema afecta a Slimstat Analytics: desde n/a hasta 5.0.4." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", 
@@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.0.5", + "matchCriteriaId": "00117CA2-ED65-44D0-A18E-0AC1D3392FA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-5-0-4-sql-injection-sqli-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json index 58a63d34e6f..1fbd4c78d04 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json 
@@ -2,15 +2,42 @@ "id": "CVE-2022-46849", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.623", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:36:18.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Weblizar Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode permite la inyecci\u00f3n de SQL. Este problema afecta Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode: desde n/ a hasta 1.5.9." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", 
@@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weblizar:responsive_coming_soon_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.0", + "matchCriteriaId": "1D094AB8-49B9-4C4A-964B-A5ABD70CECA9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-plugin-1-5-8-sql-injection-sqli-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json index 77595d20fd3..fbf2e322f52 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46860", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.690", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:35:56.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
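Review bot: The `cpeMatch` entry added for CVE-2022-46849 sets `"versionEndIncluding": "1.6.0"`, but the English description in the same record says the issue affects the plugin "from n/a through 1.5.9", and the Patchstack reference slug names 1.5.8. Tooling that matches on the CPE range will report 1.6.0 as affected while anyone reading the description will treat it as fixed, so one of the two needs correcting. Which one is right cannot be determined from this diff and should be checked against the Patchstack advisory. If the description holds, the bound would read `"versionEndIncluding": "1.5.9"`. The sibling records in this commit (CVE-2022-45373, CVE-2022-46860, CVE-2022-47428) all use a `versionEndExcluding` one release above the described last-affected version, and this entry departs from that pattern.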
@@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en KaizenCoders Short URL permite la inyecci\u00f3n SQL. Este problema afecta Short URL: desde n/a hasta 1.6.4." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.5", + "matchCriteriaId": "A05A21BD-07F2-4C72-AFB8-9493A92A4DDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/shorten-url/wordpress-short-url-plugin-1-6-4-sql-injection?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json index f43595ae281..9c6d93bb1cf 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-47420", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.757", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:35:47.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adaplugin:accessibility_suite_by_online_ada:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.11", + "matchCriteriaId": "5086E689-7C3C-43F6-A204-461ED5D293F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json index 7d0d99f9b64..b1732faf459 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47428", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.830", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:35:13.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en WpDevArt Booking calendar, Appointment Booking System permite la inyecci\u00f3n de SQL. Este problema afecta Booking calendar, Appointment Booking System: desde n/a hasta 3.2.7." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", 
@@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdevart:booking_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.8", + "matchCriteriaId": "58B431A8-5141-418D-AB25-962A11D8051C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-6-sql-injection?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json index 637c0eebacd..fc53bcbc822 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47430", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.893", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:29:59.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Weblizar The School Management \u2013 Education & Learning Management permite la inyecci\u00f3n SQL. Este problema afecta a The School Management \u2013 Education & Learning Management: desde n/a hasta 4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weblizar:school_management_-_education_\\&_learning_management:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.2", + "matchCriteriaId": "F5856D7E-AFF3-4180-BD74-2E43B7473F27" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/school-management-system/wordpress-the-school-management-plugin-4-1-sql-injection?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json index 686165be715..0102d6420f1 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-47432", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T08:15:21.963", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:30:04.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en Kemal YAZICI - PluginPress Shortcode IMDB permite la inyecci\u00f3n SQL. Este problema afecta a Shortcode IMDB: desde n/a hasta 6.0.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kemalyazici:shortcode_imdb:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.0.8", + "matchCriteriaId": "12ED0824-6400-40E6-8C99-E49F243CD0FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-sql-injection?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20031.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20031.json index 72cf6f8f266..dce5c585241 100644 --- a/CVE-2023/CVE-2023-200xx/CVE-2023-20031.json +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20031.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-20031", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-11-01T18:15:08.770", - "lastModified": "2023-11-01T18:17:43.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:57:46.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el manejo de certificados SSL/TLS de la integraci\u00f3n del motor de detecci\u00f3n Snort 3 con el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque que el motor de detecci\u00f3n Snort 3 se reinicie. Esta vulnerabilidad se debe a un error l\u00f3gico que ocurre cuando se accede a un certificado SSL/TLS que est\u00e1 bajo carga cuando se inicia una conexi\u00f3n SSL. Bajo limitaciones espec\u00edficas basadas en el tiempo, un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una alta tasa de solicitudes de conexi\u00f3n SSL/TLS para ser inspeccionadas por el motor de detecci\u00f3n Snort 3 en un dispositivo afectado. 
Un exploit exitoso podr\u00eda permitir al atacante hacer que el motor de detecci\u00f3n de Snort 3 se recargue, lo que resultar\u00eda en una condici\u00f3n de omisi\u00f3n o Denegaci\u00f3n de Servicio (DoS), dependiendo de la configuraci\u00f3n del dispositivo. El motor de detecci\u00f3n de Snort se reiniciar\u00e1 autom\u00e1ticamente. No se requiere intervenci\u00f3n manual." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.7 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +58,113 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20042.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20042.json index 531ad5ae0dd..70e1b3b47fe 100644 --- a/CVE-2023/CVE-2023-200xx/CVE-2023-20042.json +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20042.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-20042", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-11-01T18:15:08.843", - "lastModified": "2023-11-01T18:17:43.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:56:45.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n AnyConnect SSL VPN del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un error de implementaci\u00f3n dentro del proceso de manejo de sesiones SSL/TLS que puede impedir la liberaci\u00f3n de un controlador de sesi\u00f3n en condiciones espec\u00edficas. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico SSL/TLS manipulado a un dispositivo afectado, lo que aumenta la probabilidad de fugas del controlador de sesi\u00f3n. 
Un exploit exitoso podr\u00eda permitir al atacante agotar eventualmente el grupo de controladores de sesiones disponible, impidiendo que se establezcan nuevas sesiones y provocando una condici\u00f3n DoS." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +58,302 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*", + "matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*", + "matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*", + "matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*", + "matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*", + "matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*", + "matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*", + "matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "853A002C-839A-4372-8485-750A86E9F6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:*:*:*:*:*:*:*", + "matchCriteriaId": "C62BB5D6-CE75-4C83-82DC-4148EF8CB1F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:*:*:*:*:*:*:*", + "matchCriteriaId": "D32F1365-EAF8-4570-B2FF-45E47E8586F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:*:*:*:*:*:*:*", + "matchCriteriaId": "DFD07F9B-6BB3-4423-8DBE-4E89A6478E65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "34FE4F28-B704-4325-AE8A-C790163FEE71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*", + "matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*", + "matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "959107AC-E9EC-467C-901B-A3164E3762E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:*:*:*:*:*:*:*", + "matchCriteriaId": "6F944F8F-0255-42BE-BD44-D21EC9F0FFC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:*:*:*:*:*:*:*", + "matchCriteriaId": 
"0F39C535-5A41-47CE-A9CF-B360998D4BF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "E9CEAEFC-7B82-41F9-A09D-C86A3A60A4FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:*:*:*:*:*:*:*", + "matchCriteriaId": "40FAC31D-19C0-4BA0-A019-C7E7A0BA0B5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*", + "matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*", + "matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-kxG8mpUA", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20070.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20070.json index 0a21d6fa149..81ed7c03d8b 100644 --- a/CVE-2023/CVE-2023-200xx/CVE-2023-20070.json 
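Review bot: The `weaknesses` entry added for CVE-2023-20042 records only `NVD-CWE-noinfo`, although the English description in this record's first hunk attributes the issue to a session handler that is not released and a handler pool that is eventually depleted. That reads like a missing-release weakness, so if the analyst agrees the value could be `"value": "CWE-772"` (Missing Release of Resource after Effective Lifetime); this is inferred from the description text alone and should be checked against the vendor advisory in `references`. As it stands, CWE-based filters and dashboards will not classify this record as a resource-management issue. The `weaknesses` blocks added for CVE-2023-20070 and CVE-2023-20244 further down carry the same placeholder value and deserve the same check.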
+++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20070.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-20070", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-11-01T18:15:09.027", - "lastModified": "2023-11-01T18:17:43.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:19:14.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la implementaci\u00f3n de TLS 1.3 del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque que el motor de detecci\u00f3n Snort 3 se reinicie inesperadamente. Esta vulnerabilidad se debe a un error l\u00f3gico en c\u00f3mo se manejan las asignaciones de memoria durante una sesi\u00f3n TLS 1.3. Bajo limitaciones de tiempo espec\u00edficas, un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una secuencia de mensajes TLS 1.3 manipulada a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el motor de detecci\u00f3n de Snort 3 se recargue, lo que resultar\u00eda en una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). 
Mientras el motor de detecci\u00f3n de Snort se recarga, los paquetes que pasan por el dispositivo FTD y se env\u00edan al motor de detecci\u00f3n de Snort se descartar\u00e1n. El motor de detecci\u00f3n de Snort se reiniciar\u00e1 autom\u00e1ticamente. No se requiere intervenci\u00f3n manual." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -34,10 +58,47 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-uAnUntcV", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20244.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20244.json index d270c77c753..9322476c07f 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20244.json 
+++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20244.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-20244", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-11-01T17:15:11.577", - "lastModified": "2023-11-01T17:16:31.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:56:16.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el procesamiento interno de paquetes del software Cisco Firepower Threat Defense (FTD) para los firewalls Cisco Firepower serie 2100 podr\u00eda permitir que un atacante remoto no autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe al manejo inadecuado de ciertos paquetes cuando se env\u00edan al motor de inspecci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una serie de paquetes manipulados a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante agotar los bloques de 9472 bytes del dispositivo, lo que provocar\u00eda una p\u00e9rdida de tr\u00e1fico en el dispositivo o una recarga inesperada del mismo. 
Si el dispositivo no se recarga por s\u00ed solo, ser\u00e1 necesaria una recarga manual del dispositivo para recuperarse de este estado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +58,414 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0FAD2427-82A3-4E64-ADB5-FA4F40B568F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "08D5A647-AC21-40AC-8B3C-EE5D3EDA038A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "0BAE999A-5244-46CF-8C12-D68E789BDEE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D6468D3D-C5A7-4FAE-B4B9-AD862CD11055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D6E4808D-592E-46A6-A83A-A46227D817B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1AB45136-ACCD-4230-8975-0EBB30D5B375" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "B2C39AC1-1B96-4253-9FC8-4CC26D6261F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.8:*:*:*:*:*:*:*", + "matchCriteriaId": "DE9102C8-F211-4E50-967F-FD51C7FC904F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.9:*:*:*:*:*:*:*", + "matchCriteriaId": 
"B4933642-89E5-4909-AD3C-862CD3B77790" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.10:*:*:*:*:*:*:*", + "matchCriteriaId": "A9A6C776-79B3-47ED-B013-100B8F08E1C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "E504F28A-44CE-4B3E-9330-6A98728E3AEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.12:*:*:*:*:*:*:*", + "matchCriteriaId": "FEA0DD43-D206-4C1C-8B17-DA47F96B3BAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "1983172D-4F52-479F-BF14-A84B92D36864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "4122D982-A57A-4249-A8DC-CE9FC6C98803" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "96464380-F665-4266-B0AD-693E078C9F82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*", + "matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*", + "matchCriteriaId": "FD3F39CB-C4C2-4B13-94F0-9E44322314BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6E6BD0EE-649E-4ED6-A09C-8364335DEF52" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "1AE11554-FE3C-4C8B-8986-5D88E4967342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "E1C11983-22A8-4859-A240-571A7815FF54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "24CD0B0A-2B91-45DD-9522-8D1D3850CC9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B7026F0E-72A7-4CDF-BADC-E34FE6FADC51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "63B85369-FBAE-456C-BC99-5418B043688A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "86434346-D5F0-49BA-803E-244C3266E361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D2FA7B3C-002D-4755-B323-CA24B770A5B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "F1CB7EBC-F3D5-4855-A8D8-BA5AB21FD719" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*", + "matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.13:*:*:*:*:*:*:*", + "matchCriteriaId": 
"4D975CBA-7F01-4A4C-991B-9571410C4F07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*", + "matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.15:*:*:*:*:*:*:*", + "matchCriteriaId": "D2EFA476-5021-4A00-859E-1643009D6156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.16:*:*:*:*:*:*:*", + "matchCriteriaId": "E6E3A5DC-A237-46E4-A4E5-F135482F984A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*", + "matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:6.6.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D46E2E00-BA86-4002-B67B-2C1A6C1AAAE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "91AD8BA2-EB8D-4D8B-B707-AF5C2A831998" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"EBC0C3DC-4761-488A-90A9-6EA45EE61526" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", + "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", + "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20245.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20245.json index 7e90e08fb74..0b4733cc55b 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20245.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20245.json 
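Review bot: The FTD `cpeMatch` list added for CVE-2023-20244 goes from `7.1.0.1` straight to `7.1.0.3`, while the CVE-2023-20042 record earlier in this same diff lists `cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*` (matchCriteriaId `4D94F400-5A35-41F5-B37F-E9DA6F87ED8E`) between them. Because the configuration enumerates exact versions instead of a range, a scanner that matches on these CPEs will report a 7.1.0.2 device as not affected. This may be intentional, so confirm it against the vendor advisory in `references`; if the release is affected, add a `"vulnerable": true` entry with that criteria string and matchCriteriaId. The second node marks the Firepower 2110/2120/2130/2140 hardware `"vulnerable": false` under `"operator": "AND"`, so consumers have to evaluate both nodes together and not flag every FTD install that matches the first list.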
@@ -2,16 +2,40 @@
 "id": "CVE-2023-20245",
 "sourceIdentifier": "ykramarz@cisco.com",
 "published": "2023-11-01T17:15:11.643",
- "lastModified": "2023-11-01T17:16:31.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:58:22.917",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades en la funci\u00f3n de anulaci\u00f3n por usuario del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00edan permitir que un atacante remoto no autenticado omita una Lista de Control de Acceso (ACL) configurada y permita el tr\u00e1fico que deber\u00eda se le negar\u00e1 el flujo a trav\u00e9s de un dispositivo afectado. Estas vulnerabilidades se deben a un error l\u00f3gico que podr\u00eda ocurrir cuando el software afectado construye y aplica reglas de anulaci\u00f3n por usuario. Un atacante podr\u00eda aprovechar estas vulnerabilidades conect\u00e1ndose a una red a trav\u00e9s de un dispositivo afectado que tenga una configuraci\u00f3n vulnerable. Un exploit exitoso podr\u00eda permitir al atacante omitir la ACL de la interfaz y acceder a recursos que deber\u00edan estar protegidos."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "ykramarz@cisco.com",
 "type": "Secondary",
@@ -34,10 +58,1097 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "AF894850-39EC-4B57-BBFF-F1AB4F8389A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.16:*:*:*:*:*:*:*", + "matchCriteriaId": "E1FAFCF9-0ABE-483E-9604-329762BB7870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "83DB4278-3126-4765-97C4-6C0A8C78DA78" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.21:*:*:*:*:*:*:*", + "matchCriteriaId": "174E631B-6099-47DE-8790-BBF4B7FDB8CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.26:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE3538B-F612-4105-BFDE-A4B594482DCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.3.29:*:*:*:*:*:*:*", + "matchCriteriaId": "3143B0FF-C855-485E-A908-E48974B1643C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "26DD9992-6D98-4E03-9599-ECF38A186FBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "24DCEAE6-355B-40AE-A7C8-AF744FCA8A86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "2097E81E-B422-4B93-AF09-F300A0E8AF71" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "454DEA31-A607-4054-82D3-24A4FEB7358F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "57F0B213-8187-4465-84F1-FB8D92B36020" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "E540771E-BA0B-42D1-8251-B576B0F142C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "BEC2A833-BECF-4000-A592-6113A84C2D20" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.17:*:*:*:*:*:*:*", + "matchCriteriaId": "077F1416-924A-4D25-9CEE-3BD66A96A019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.20:*:*:*:*:*:*:*", + "matchCriteriaId": "5BDC8D92-D6E0-40EE-B190-D2B32C7DEB75" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.22:*:*:*:*:*:*:*", + "matchCriteriaId": "23CD5619-E534-4F40-998D-39DC19FA0451" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.25:*:*:*:*:*:*:*", + "matchCriteriaId": "C5D0EB11-14B1-44B3-8D46-B9DD872F772C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.26:*:*:*:*:*:*:*", + "matchCriteriaId": "4FA399CF-12DB-42E0-A66F-14508B52A453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.29:*:*:*:*:*:*:*", + "matchCriteriaId": "7B5A7608-E737-420E-9B5E-836600DAC701" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.32:*:*:*:*:*:*:*", + "matchCriteriaId": "C7EB6801-336D-4F41-ADE7-1C58C63C3F6F" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.33:*:*:*:*:*:*:*", + "matchCriteriaId": "8413DA41-02A5-4269-8C88-9DD5076AF91B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.34:*:*:*:*:*:*:*", + "matchCriteriaId": "AA00285F-6914-4749-8A47-FC4EDAFFF3C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.35:*:*:*:*:*:*:*", + "matchCriteriaId": "4AA4D367-32B9-4F54-8352-A959F61A1FDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.39:*:*:*:*:*:*:*", + "matchCriteriaId": "2259FF9E-0C8B-440F-B1AC-51BDE3F60E68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.40:*:*:*:*:*:*:*", + "matchCriteriaId": "3C522B55-904D-4C08-B73E-1457D877C0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.41:*:*:*:*:*:*:*", + "matchCriteriaId": "4483056A-FBF3-4E00-81EB-1E97334EF240" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.43:*:*:*:*:*:*:*", + "matchCriteriaId": "48677330-06AB-4C7F-B2AD-F7E465A9632A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.44:*:*:*:*:*:*:*", + "matchCriteriaId": "7AEA80D2-5DB8-4334-9A88-7DDE395832C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.45:*:*:*:*:*:*:*", + "matchCriteriaId": "FB1C38A5-1028-4AD3-8CC7-A00091091E76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.46:*:*:*:*:*:*:*", + "matchCriteriaId": "848147B2-C49A-43F6-9069-FC8885BDFDA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.48:*:*:*:*:*:*:*", + "matchCriteriaId": 
"D6FEF0DA-741E-4361-8143-068EB47D6520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F002FD55-F881-450E-BC1B-8073E188F47E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AA940C4F-13BB-465F-BB8D-CBD0109BF012" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "8B0434F5-9A50-4B57-9C5B-E09415D098C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AE727035-06CB-4E37-A9D2-96BD54502120" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE52B81-2CF8-48E5-A7BA-A163A25A669B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E8D7C9-5272-40E6-869B-B33959F9F0CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FE8D5D71-5C85-4644-8A84-F073549ADB50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.2.9:*:*:*:*:*:*:*", + "matchCriteriaId": "0790DDC2-7BA0-42DC-A157-754C0CBBE178" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3:*:*:*:*:*:*:*", + "matchCriteriaId": "882394EA-70C8-4D86-9AEF-5D273D8E518C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "855AD3CC-F404-48C5-80D2-7F2765D16D72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.7:*:*:*:*:*:*:*", + 
"matchCriteriaId": "26B6BF72-9124-4213-B3C0-BD31B46E8C91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.9:*:*:*:*:*:*:*", + "matchCriteriaId": "DE8FBE89-8FDA-4B9B-BA1A-90FFD482A585" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.3.12:*:*:*:*:*:*:*", + "matchCriteriaId": "149C3872-8DA9-48DD-ADD0-2E84C1A76A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D2D33E8C-294A-4C43-8DB6-9DA9F61F0B3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "7E23ACB0-DF8B-4672-A819-4DCD3104CE4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "E4723B88-62BA-40E6-AA89-BAC02D6A036F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "7C698819-3C8E-4A16-8F52-42FF1E54C076" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "8D3CE74E-59E7-448A-8417-18F97C05C798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "0986C171-0E75-4F6F-A9BD-276830104E5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "66A2777A-7831-4324-AEB2-5D93B5F6C04B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.18:*:*:*:*:*:*:*", + "matchCriteriaId": "37045680-9189-4B7F-A4F7-4E682FE20A09" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.24:*:*:*:*:*:*:*", + "matchCriteriaId": "B6C9F37B-CF3C-4861-A969-C7CF4946274A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.26:*:*:*:*:*:*:*", + "matchCriteriaId": "6A1DAF21-3FED-4691-9D4C-8FD8CEA7FB3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.29:*:*:*:*:*:*:*", + "matchCriteriaId": "FB938E58-4963-4A31-8836-88E958592B30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.30:*:*:*:*:*:*:*", + "matchCriteriaId": "1E317897-EE97-44F3-96BB-E54228D72A7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.35:*:*:*:*:*:*:*", + "matchCriteriaId": "1EF7FAB2-158D-4C48-9246-E7AD3BF1D801" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.37:*:*:*:*:*:*:*", + "matchCriteriaId": "056D43AE-ECDB-40D2-A196-18DDCD02629E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.38:*:*:*:*:*:*:*", + "matchCriteriaId": "D3E555F3-3580-4D71-8D8D-92FE72763D62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.39:*:*:*:*:*:*:*", + "matchCriteriaId": "93013503-8B9A-4160-AF7E-277958FA6E9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.40:*:*:*:*:*:*:*", + "matchCriteriaId": "A3B009FD-0F2B-4511-8EDF-C3E670623F89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.41:*:*:*:*:*:*:*", + "matchCriteriaId": "52579D8D-E855-42B3-B406-32DD1C39F721" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.47:*:*:*:*:*:*:*", + "matchCriteriaId": "E7E44FC6-12A2-4F76-A095-28F3804B619F" + }, + { 
+ "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.48:*:*:*:*:*:*:*", + "matchCriteriaId": "42917E5E-E362-4B40-B2B2-3C77BA35641C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.50:*:*:*:*:*:*:*", + "matchCriteriaId": "CF317FA3-EBF3-49BB-A9E6-0D4295FA3F60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.52:*:*:*:*:*:*:*", + "matchCriteriaId": "F98B1683-914F-43D3-AE1C-311D3A90BE8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.54:*:*:*:*:*:*:*", + "matchCriteriaId": "A8D24656-CAB1-4A98-A440-482927FEDD16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.55:*:*:*:*:*:*:*", + "matchCriteriaId": "E504557C-DA5D-4D0F-A813-4CE7D5109F15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.56:*:*:*:*:*:*:*", + "matchCriteriaId": "04D2A067-C717-4921-BBF5-3EFBE02736EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1:*:*:*:*:*:*:*", + "matchCriteriaId": "52D83C3A-ED0B-42D5-A08A-97D27E189875" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "A649E319-D408-4AA2-8293-C9E37AF14BA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*", + "matchCriteriaId": 
"9E257F98-D1A0-4D28-9504-1749CC090D49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*", + "matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*", + "matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*", + "matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*", + "matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*", + "matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4:*:*:*:*:*:*:*", + "matchCriteriaId": "FE0D50C0-DADB-4747-8649-8A5257111FE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FEE2699F-353F-44CB-A778-981783DDC31F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "7D8E50BD-1FBD-483B-9C27-70E95C732E55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "F46E5E4F-787C-4C05-B1E7-C39BB9125D16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "D6A29312-38E7-456B-94DD-4D7329691114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "27F7BB31-C733-4C32-BF0F-33B5AF020156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.15:*:*:*:*:*:*:*", + "matchCriteriaId": "DC313568-33A6-435B-98FF-8A7091D9C451" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.17:*:*:*:*:*:*:*", + "matchCriteriaId": "7F85710A-28CE-4913-8523-356461908FBE" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.22:*:*:*:*:*:*:*", + "matchCriteriaId": "D6069950-016B-419A-B754-D58956CB6D14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.23:*:*:*:*:*:*:*", + "matchCriteriaId": "5A2F3FEC-624F-47C5-B056-836861BB038A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*", + "matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*", + "matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*", + "matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*", + "matchCriteriaId": 
"13F57A86-6284-4269-823E-B30C57185D14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*", + "matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*", + "matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*", + "matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*", + "matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*", + "matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*", + "matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "853A002C-839A-4372-8485-750A86E9F6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:*:*:*:*:*:*:*", + "matchCriteriaId": "C62BB5D6-CE75-4C83-82DC-4148EF8CB1F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:*:*:*:*:*:*:*", + "matchCriteriaId": "D32F1365-EAF8-4570-B2FF-45E47E8586F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:*:*:*:*:*:*:*", + "matchCriteriaId": "DFD07F9B-6BB3-4423-8DBE-4E89A6478E65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "34FE4F28-B704-4325-AE8A-C790163FEE71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "E832BC0C-8439-4779-9064-C2D93F231031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.18:*:*:*:*:*:*:*", + "matchCriteriaId": "FA99DF94-D031-4375-9A16-306606FE28F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*", + "matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*", + "matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "959107AC-E9EC-467C-901B-A3164E3762E9" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:*:*:*:*:*:*:*", + "matchCriteriaId": "6F944F8F-0255-42BE-BD44-D21EC9F0FFC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:*:*:*:*:*:*:*", + "matchCriteriaId": "0F39C535-5A41-47CE-A9CF-B360998D4BF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "E9CEAEFC-7B82-41F9-A09D-C86A3A60A4FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:*:*:*:*:*:*:*", + "matchCriteriaId": "40FAC31D-19C0-4BA0-A019-C7E7A0BA0B5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.30:*:*:*:*:*:*:*", + "matchCriteriaId": "6CAAFE0F-416F-4BCA-BA37-30EAEADA8AFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*", + "matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": 
"88E310BF-F1F6-4124-A875-81967B9B531E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5B330F8F-F0DA-472C-A932-AD1D232C7DB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*", + "matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.5:*:*:*:*:*:*:*", + "matchCriteriaId": "20D7966E-B02B-48C8-BF96-723DD6C25314" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.9:*:*:*:*:*:*:*", + "matchCriteriaId": "FA618249-E76F-4104-9326-C9F2DC8DE3D7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "0BAE999A-5244-46CF-8C12-D68E789BDEE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D6468D3D-C5A7-4FAE-B4B9-AD862CD11055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D6E4808D-592E-46A6-A83A-A46227D817B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1AB45136-ACCD-4230-8975-0EBB30D5B375" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "B2C39AC1-1B96-4253-9FC8-4CC26D6261F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.8:*:*:*:*:*:*:*", + "matchCriteriaId": "DE9102C8-F211-4E50-967F-FD51C7FC904F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.9:*:*:*:*:*:*:*", 
+ "matchCriteriaId": "B4933642-89E5-4909-AD3C-862CD3B77790" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.10:*:*:*:*:*:*:*", + "matchCriteriaId": "A9A6C776-79B3-47ED-B013-100B8F08E1C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "E504F28A-44CE-4B3E-9330-6A98728E3AEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.12:*:*:*:*:*:*:*", + "matchCriteriaId": "FEA0DD43-D206-4C1C-8B17-DA47F96B3BAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "1983172D-4F52-479F-BF14-A84B92D36864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "4122D982-A57A-4249-A8DC-CE9FC6C98803" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "96464380-F665-4266-B0AD-693E078C9F82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*", + "matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*", + "matchCriteriaId": "FD3F39CB-C4C2-4B13-94F0-9E44322314BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6E6BD0EE-649E-4ED6-A09C-8364335DEF52" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "1AE11554-FE3C-4C8B-8986-5D88E4967342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "E1C11983-22A8-4859-A240-571A7815FF54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "24CD0B0A-2B91-45DD-9522-8D1D3850CC9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B7026F0E-72A7-4CDF-BADC-E34FE6FADC51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "63B85369-FBAE-456C-BC99-5418B043688A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "86434346-D5F0-49BA-803E-244C3266E361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D2FA7B3C-002D-4755-B323-CA24B770A5B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "F1CB7EBC-F3D5-4855-A8D8-BA5AB21FD719" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*", + "matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.13:*:*:*:*:*:*:*", + "matchCriteriaId": 
"4D975CBA-7F01-4A4C-991B-9571410C4F07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*", + "matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.15:*:*:*:*:*:*:*", + "matchCriteriaId": "D2EFA476-5021-4A00-859E-1643009D6156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.16:*:*:*:*:*:*:*", + "matchCriteriaId": "E6E3A5DC-A237-46E4-A4E5-F135482F984A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*", + "matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:6.6.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D46E2E00-BA86-4002-B67B-2C1A6C1AAAE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "91AD8BA2-EB8D-4D8B-B707-AF5C2A831998" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": 
"1B0664B8-1670-4F47-A01E-089D05A9618A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ac-acl-bypass-bwd7q6Gb", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20256.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20256.json index 3565713b867..13a17446b48 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20256.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20256.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-20256", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-11-01T17:15:11.717", - "lastModified": "2023-11-01T17:16:31.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:20:34.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected." + }, + { + "lang": "es", + "value": "M\u00faltiples vulnerabilidades en la funci\u00f3n de anulaci\u00f3n por usuario del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00edan permitir que un atacante remoto no autenticado omita una Lista de Control de Acceso (ACL) configurada y permita el tr\u00e1fico que deber\u00eda se le negar\u00e1 el flujo a trav\u00e9s de un dispositivo afectado. Estas vulnerabilidades se deben a un error l\u00f3gico que podr\u00eda ocurrir cuando el software afectado construye y aplica reglas de anulaci\u00f3n por usuario. Un atacante podr\u00eda aprovechar estas vulnerabilidades conect\u00e1ndose a una red a trav\u00e9s de un dispositivo afectado que tenga una configuraci\u00f3n vulnerable. Un exploit exitoso podr\u00eda permitir al atacante omitir la ACL de la interfaz y acceder a recursos que deber\u00edan estar protegidos." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +58,807 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.22:*:*:*:*:*:*:*", + "matchCriteriaId": "23CD5619-E534-4F40-998D-39DC19FA0451" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.25:*:*:*:*:*:*:*", + "matchCriteriaId": "C5D0EB11-14B1-44B3-8D46-B9DD872F772C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.26:*:*:*:*:*:*:*", + "matchCriteriaId": "4FA399CF-12DB-42E0-A66F-14508B52A453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.29:*:*:*:*:*:*:*", + "matchCriteriaId": "7B5A7608-E737-420E-9B5E-836600DAC701" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.32:*:*:*:*:*:*:*", + "matchCriteriaId": "C7EB6801-336D-4F41-ADE7-1C58C63C3F6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.33:*:*:*:*:*:*:*", + "matchCriteriaId": "8413DA41-02A5-4269-8C88-9DD5076AF91B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.34:*:*:*:*:*:*:*", + "matchCriteriaId": "AA00285F-6914-4749-8A47-FC4EDAFFF3C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.35:*:*:*:*:*:*:*", + "matchCriteriaId": "4AA4D367-32B9-4F54-8352-A959F61A1FDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.39:*:*:*:*:*:*:*", + "matchCriteriaId": "2259FF9E-0C8B-440F-B1AC-51BDE3F60E68" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.40:*:*:*:*:*:*:*", + "matchCriteriaId": "3C522B55-904D-4C08-B73E-1457D877C0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.41:*:*:*:*:*:*:*", + "matchCriteriaId": "4483056A-FBF3-4E00-81EB-1E97334EF240" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.43:*:*:*:*:*:*:*", + "matchCriteriaId": "48677330-06AB-4C7F-B2AD-F7E465A9632A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.44:*:*:*:*:*:*:*", + "matchCriteriaId": "7AEA80D2-5DB8-4334-9A88-7DDE395832C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.45:*:*:*:*:*:*:*", + "matchCriteriaId": "FB1C38A5-1028-4AD3-8CC7-A00091091E76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.46:*:*:*:*:*:*:*", + "matchCriteriaId": "848147B2-C49A-43F6-9069-FC8885BDFDA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8.4.48:*:*:*:*:*:*:*", + "matchCriteriaId": "D6FEF0DA-741E-4361-8143-068EB47D6520" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "7E23ACB0-DF8B-4672-A819-4DCD3104CE4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "E4723B88-62BA-40E6-AA89-BAC02D6A036F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "7C698819-3C8E-4A16-8F52-42FF1E54C076" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "8D3CE74E-59E7-448A-8417-18F97C05C798" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "0986C171-0E75-4F6F-A9BD-276830104E5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "66A2777A-7831-4324-AEB2-5D93B5F6C04B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.18:*:*:*:*:*:*:*", + "matchCriteriaId": "37045680-9189-4B7F-A4F7-4E682FE20A09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.24:*:*:*:*:*:*:*", + "matchCriteriaId": "B6C9F37B-CF3C-4861-A969-C7CF4946274A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.26:*:*:*:*:*:*:*", + "matchCriteriaId": "6A1DAF21-3FED-4691-9D4C-8FD8CEA7FB3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.29:*:*:*:*:*:*:*", + "matchCriteriaId": "FB938E58-4963-4A31-8836-88E958592B30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.30:*:*:*:*:*:*:*", + "matchCriteriaId": "1E317897-EE97-44F3-96BB-E54228D72A7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.35:*:*:*:*:*:*:*", + "matchCriteriaId": "1EF7FAB2-158D-4C48-9246-E7AD3BF1D801" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.37:*:*:*:*:*:*:*", + "matchCriteriaId": "056D43AE-ECDB-40D2-A196-18DDCD02629E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.38:*:*:*:*:*:*:*", + "matchCriteriaId": "D3E555F3-3580-4D71-8D8D-92FE72763D62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.39:*:*:*:*:*:*:*", + "matchCriteriaId": 
"93013503-8B9A-4160-AF7E-277958FA6E9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.40:*:*:*:*:*:*:*", + "matchCriteriaId": "A3B009FD-0F2B-4511-8EDF-C3E670623F89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.41:*:*:*:*:*:*:*", + "matchCriteriaId": "52579D8D-E855-42B3-B406-32DD1C39F721" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.47:*:*:*:*:*:*:*", + "matchCriteriaId": "E7E44FC6-12A2-4F76-A095-28F3804B619F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.48:*:*:*:*:*:*:*", + "matchCriteriaId": "42917E5E-E362-4B40-B2B2-3C77BA35641C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.50:*:*:*:*:*:*:*", + "matchCriteriaId": "CF317FA3-EBF3-49BB-A9E6-0D4295FA3F60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.52:*:*:*:*:*:*:*", + "matchCriteriaId": "F98B1683-914F-43D3-AE1C-311D3A90BE8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.54:*:*:*:*:*:*:*", + "matchCriteriaId": "A8D24656-CAB1-4A98-A440-482927FEDD16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.55:*:*:*:*:*:*:*", + "matchCriteriaId": "E504557C-DA5D-4D0F-A813-4CE7D5109F15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.12.4.56:*:*:*:*:*:*:*", + "matchCriteriaId": "04D2A067-C717-4921-BBF5-3EFBE02736EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*", + "matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*", + "matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*", + "matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*", + "matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*", + "matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*", + "matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4:*:*:*:*:*:*:*", + "matchCriteriaId": "FE0D50C0-DADB-4747-8649-8A5257111FE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "FEE2699F-353F-44CB-A778-981783DDC31F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "7D8E50BD-1FBD-483B-9C27-70E95C732E55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.12:*:*:*:*:*:*:*", + "matchCriteriaId": "F46E5E4F-787C-4C05-B1E7-C39BB9125D16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.13:*:*:*:*:*:*:*", + "matchCriteriaId": "D6A29312-38E7-456B-94DD-4D7329691114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "27F7BB31-C733-4C32-BF0F-33B5AF020156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.15:*:*:*:*:*:*:*", + "matchCriteriaId": 
"DC313568-33A6-435B-98FF-8A7091D9C451" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.17:*:*:*:*:*:*:*", + "matchCriteriaId": "7F85710A-28CE-4913-8523-356461908FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.22:*:*:*:*:*:*:*", + "matchCriteriaId": "D6069950-016B-419A-B754-D58956CB6D14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.4.23:*:*:*:*:*:*:*", + "matchCriteriaId": "5A2F3FEC-624F-47C5-B056-836861BB038A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*", + "matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*", + "matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*", + "matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*", + "matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1.28:*:*:*:*:*:*:*", + "matchCriteriaId": "F6560447-039C-40FA-A24D-C8994AC2743B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2:*:*:*:*:*:*:*", + "matchCriteriaId": "378ED826-F5FE-40BA-9FC0-9C185A13518B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "130B6FD9-764D-4EF8-91AA-37E52AE9B3E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "225861CE-FFF8-4AFA-A07B-CB8D5BC9C361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.11:*:*:*:*:*:*:*", + "matchCriteriaId": "FD08C4E8-3ADB-4048-9B3C-4F0385201523" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.13:*:*:*:*:*:*:*", + "matchCriteriaId": "A4875811-F209-49ED-B310-8377B2F87FF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.2.14:*:*:*:*:*:*:*", + "matchCriteriaId": "99C52C7B-B626-4A3C-A2EC-28A20E7FA95F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3:*:*:*:*:*:*:*", + "matchCriteriaId": "08CCBF5E-257A-4A1F-8930-3643A9588838" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "782BC9ED-1395-472B-9F34-DED812AA5BFD" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "153449C0-B93F-49A2-8A6A-BE84305E8D2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "853A002C-839A-4372-8485-750A86E9F6E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.19:*:*:*:*:*:*:*", + "matchCriteriaId": "C62BB5D6-CE75-4C83-82DC-4148EF8CB1F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.3.23:*:*:*:*:*:*:*", + "matchCriteriaId": "D32F1365-EAF8-4570-B2FF-45E47E8586F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4:*:*:*:*:*:*:*", + "matchCriteriaId": "DFD07F9B-6BB3-4423-8DBE-4E89A6478E65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "34FE4F28-B704-4325-AE8A-C790163FEE71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.4.14:*:*:*:*:*:*:*", + "matchCriteriaId": "E832BC0C-8439-4779-9064-C2D93F231031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1:*:*:*:*:*:*:*", + "matchCriteriaId": "27ACBA2A-87A7-4836-A474-AFD7D22F820D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "C73E0B2E-BABF-4998-A1D7-4E803F9D78AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.9:*:*:*:*:*:*:*", + "matchCriteriaId": "59306ADF-FAA6-4970-ADFB-C5D9A5AEF1AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": 
"959107AC-E9EC-467C-901B-A3164E3762E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.11:*:*:*:*:*:*:*", + "matchCriteriaId": "6F944F8F-0255-42BE-BD44-D21EC9F0FFC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.13:*:*:*:*:*:*:*", + "matchCriteriaId": "0F39C535-5A41-47CE-A9CF-B360998D4BF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.15:*:*:*:*:*:*:*", + "matchCriteriaId": "E9CEAEFC-7B82-41F9-A09D-C86A3A60A4FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.20:*:*:*:*:*:*:*", + "matchCriteriaId": "40FAC31D-19C0-4BA0-A019-C7E7A0BA0B5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.17.1.30:*:*:*:*:*:*:*", + "matchCriteriaId": "6CAAFE0F-416F-4BCA-BA37-30EAEADA8AFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*", + "matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "88E310BF-F1F6-4124-A875-81967B9B531E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5B330F8F-F0DA-472C-A932-AD1D232C7DB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*", + "matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.5:*:*:*:*:*:*:*", + "matchCriteriaId": "20D7966E-B02B-48C8-BF96-723DD6C25314" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*", + "matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*", + "matchCriteriaId": "FD3F39CB-C4C2-4B13-94F0-9E44322314BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*", + "matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.13:*:*:*:*:*:*:*", + "matchCriteriaId": "4D975CBA-7F01-4A4C-991B-9571410C4F07" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.14:*:*:*:*:*:*:*", + "matchCriteriaId": "B6D7AF29-4E08-4BFD-AFE0-994309E66F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.15:*:*:*:*:*:*:*", + "matchCriteriaId": "D2EFA476-5021-4A00-859E-1643009D6156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.16:*:*:*:*:*:*:*", + "matchCriteriaId": "E6E3A5DC-A237-46E4-A4E5-F135482F984A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*", + "matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D46E2E00-BA86-4002-B67B-2C1A6C1AAAE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "91AD8BA2-EB8D-4D8B-B707-AF5C2A831998" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"85F22403-B4EE-4303-9C94-915D3E0AC944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:7.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "FBA2DFE7-F478-46EC-9832-4B2C738FC879" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A" + }, + { 
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ac-acl-bypass-bwd7q6Gb",
- "source": "ykramarz@cisco.com"
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20270.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20270.json
index 13383d9fffd..0d53e054b17 100644
--- a/CVE-2023/CVE-2023-202xx/CVE-2023-20270.json
+++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20270.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-20270",
 "sourceIdentifier": "ykramarz@cisco.com",
 "published": "2023-11-01T17:15:11.783",
- "lastModified": "2023-11-01T17:16:31.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:18:39.113",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la interacci\u00f3n entre el preprocesador del protocolo Server Message Block (SMB) y el motor de detecci\u00f3n Snort 3 para el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado omita las pol\u00edticas configuradas o provoque una Denegaci\u00f3n de Servicio (DoS) condici\u00f3n en un dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n de errores incorrecta cuando el motor de detecci\u00f3n de Snort 3 procesa el tr\u00e1fico SMB. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un flujo de paquetes SMB manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el proceso Snort se recargue, lo que resultar\u00eda en una condici\u00f3n DoS."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "ykramarz@cisco.com",
 "type": "Secondary",
@@ -34,10 +58,97 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "469EA365-DED5-4436-AAC2-5553529DE700"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FD5D12-CF1A-4990-99B3-1840EFBA5611"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F788D156-1F1F-4A08-848B-257BC4CCE000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "795ED164-7800-4D50-8E37-665BE30190D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B0664B8-1670-4F47-A01E-089D05A9618A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBC0C3DC-4761-488A-90A9-6EA45EE61526"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62EE065B-F8B6-4125-8486-B2EE0566B27A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-smbsnort3-dos-pfOjOYUV",
- "source": "ykramarz@cisco.com"
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json
index f21e59f8a3d..eb2553252e5 100644
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23702.json
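Review bot: The Primary weakness added under `"weaknesses"` in the CVE-2023-20270 hunk is the placeholder `NVD-CWE-noinfo`, although the English description in the first hunk of the same file attributes the flaw to improper error-checking while the Snort 3 detection engine processes SMB traffic. Consumers that triage or group findings by CWE get no usable class for this record. If the vendor advisory supports it, a concrete mapping such as `"value": "CWE-754"` would serve them better; that mapping is my reading of the description, not something the record states.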
@@ -2,15 +2,42 @@
 "id": "CVE-2023-23702",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:07.827",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:27:43.113",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <=\u00a01.1.7 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Pixelgrade Comments Ratings en versiones <= 1.1.7."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pixelgrade:comments_rating:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.7",
+ "matchCriteriaId": "275A0A08-5E2B-4198-9519-55DE38DAFB52"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
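Review bot: The added Spanish description in the first hunk spells the weakness class as `Coss-Site Scripting (XSS)`, so a text search or keyword rule for the usual term will miss this record in the `es` field. The phrase should read `Cross-Site Scripting (XSS)`, with the rest of the sentence unchanged.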
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24585.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24585.json
index 5ffd0c94e36..38fa7615ef5 100644
--- a/CVE-2023/CVE-2023-245xx/CVE-2023-24585.json
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24585.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-24585",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-11-14T10:15:26.303",
- "lastModified": "2023-11-14T10:15:26.303",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-251xx/CVE-2023-25181.json b/CVE-2023/CVE-2023-251xx/CVE-2023-25181.json
index 34ef996198a..9c77b54152a 100644
--- a/CVE-2023/CVE-2023-251xx/CVE-2023-25181.json
+++ b/CVE-2023/CVE-2023-251xx/CVE-2023-25181.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-25181",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-11-14T10:15:26.740",
- "lastModified": "2023-11-14T10:15:26.740",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27882.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27882.json
index fbfc227987b..32665b71521 100644
--- a/CVE-2023/CVE-2023-278xx/CVE-2023-27882.json
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27882.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-27882",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-11-14T10:15:27.113",
- "lastModified": "2023-11-14T10:15:27.113",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad de l\u00edmite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28379.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28379.json
index 931d1aeb926..a92d1b3831e 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28379.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28379.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-28379",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-11-14T10:15:27.540",
- "lastModified": "2023-11-14T10:15:27.540",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de l\u00edmite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28391.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28391.json
index b3d32442eb7..b81b26461c8 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28391.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28391.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-28391",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-11-14T10:15:27.937",
- "lastModified": "2023-11-14T10:15:27.937",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de an\u00e1lisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
index 40f2a068e44..adb7c361d6a 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-28794",
 "sourceIdentifier": "cve@zscaler.com",
 "published": "2023-11-06T08:15:22.037",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:29:43.187",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "cve@zscaler.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ },
 {
 "source": "cve@zscaler.com",
 "type": "Secondary",
@@ -50,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "1.3.1.6",
+ "matchCriteriaId": "58F93164-0E8D-4DDC-BE4E-8D09CC32B322"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19",
- "source": "cve@zscaler.com"
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31247.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31247.json
index 90f58f34749..8bb35da249f 100644
--- a/CVE-2023/CVE-2023-312xx/CVE-2023-31247.json
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31247.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-31247",
 "sourceIdentifier": "talos-cna@cisco.com",
 "published": "2023-11-14T10:15:28.393",
- "lastModified": "2023-11-14T10:15:28.393",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de an\u00e1lisis de encabezados de HTTP Server Host de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31403.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31403.json
index 3c51b6f4321..deb8c932907 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31403.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31403.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-31403",
 "sourceIdentifier": "cna@sap.com",
 "published": "2023-11-14T01:15:07.413",
- "lastModified": "2023-11-14T01:15:07.413",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La instalaci\u00f3n de SAP Business One versi\u00f3n 10.0, no realiza comprobaciones de autenticaci\u00f3n y autorizaci\u00f3n adecuadas para la carpeta compartida SMB. Como resultado, cualquier usuario malintencionado puede leer y escribir en la carpeta compartida de SMB. Adem\u00e1s, los archivos de la carpeta se pueden ejecutar o utilizar en el proceso de instalaci\u00f3n, lo que genera un impacto considerable en la confidencialidad, la integridad y la disponibilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31498.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31498.json
index 1425fc2bcd3..aee370210d1 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31498.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31498.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-31498",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-11T11:15:09.193",
- "lastModified": "2023-05-18T20:31:00.590",
+ "lastModified": "2023-11-14T16:22:52.857",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -55,8 +55,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:hospital_management_system_project:hospital_management_system:4.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "5782858E-EE67-4D17-98DE-BB458942F807"
+ "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DA36E354-4DBF-4BE4-9BC4-CB00C6771BAF"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31754.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31754.json
index bdabe9c73af..05916726b18 100644
--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31754.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31754.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-31754",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T04:15:07.697",
- "lastModified": "2023-11-14T04:15:07.697",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la interfaz de usuario de Optimizely CMS anterior a v12.16.0 conten\u00eda una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s del panel de Administraci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34647.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34647.json
index aa426ca4b24..85e5121d7f4 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34647.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34647.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34647",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-28T22:15:09.397",
- "lastModified": "2023-07-06T15:20:13.683",
+ "lastModified": "2023-11-14T16:36:13.640",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -59,8 +59,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "84591D56-973E-4C02-987B-150B222CAA5E"
+ "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E8786D0-84DE-477A-82C7-36966A103FFD"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34652.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34652.json
index 0623396aa8b..adb6f6c2bdf 100644
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34652.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34652.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-34652",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-28T21:15:10.167",
- "lastModified": "2023-07-06T15:20:24.907",
+ "lastModified": "2023-11-14T16:36:13.640",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -55,8 +55,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "84591D56-973E-4C02-987B-150B222CAA5E"
+ "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E8786D0-84DE-477A-82C7-36966A103FFD"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json
index e4c688ceb1a..675e27671d6 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36375.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-36375",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-10T17:15:09.263",
- "lastModified": "2023-11-07T04:16:33.420",
+ "lastModified": "2023-11-14T16:36:13.640",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -55,8 +55,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
+ "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36376.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36376.json
index 45bb2ba1eb0..7e5fcb678a3 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36376.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36376.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-36376",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-10T16:15:53.307",
- "lastModified": "2023-11-07T04:16:34.357",
+ "lastModified": "2023-11-14T16:36:13.640",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -55,8 +55,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
+ "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36529.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36529.json
index f02ac1a6239..002ffee4ea9 100644
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36529.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36529.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-36529",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-03T17:15:08.830",
- "lastModified": "2023-11-03T18:05:16.007",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:16:56.313",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Favethemes Houzez - Real Estate WordPress Theme permite la inyecci\u00f3n de SQL. Este problema afecta a Houzez - Real Estate WordPress Theme: desde n/a hasta 1.3.4."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:favethemes:houzez:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3.4",
+ "matchCriteriaId": "008F583B-0C08-4A26-B5BF-7C1B23D32C17"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/houzez-crm/wordpress-houzez-crm-plugin-1-3-3-sql-injection?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36823.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36823.json
index cf488ff6cef..48b22e4f29d 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36823.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36823.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36823",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-07-06T16:15:10.147",
- "lastModified": "2023-07-13T15:25:33.460",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-14T16:15:27.467",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -106,6 +106,10 @@
 "tags": [
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json
index 29ee41f5b8d..d5ef362f2b3 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36939.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-36939",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-10T18:15:10.963",
- "lastModified": "2023-11-07T04:16:48.133",
+ "lastModified": "2023-11-14T16:36:13.640",
 "vulnStatus": "Modified",
 "descriptions": [
 {
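Review bot: The `cpeMatch` entry added for CVE-2023-36529 scopes the record to `favethemes:houzez` up to `1.3.4`, but the only reference in the same hunk points at the `houzez-crm` plugin (`wordpress-houzez-crm-plugin-1-3-3-sql-injection`). The description in the first hunk names the theme, so the record is ambiguous about which component is affected. If the CRM plugin is the one meant, inventory matching on this CPE will miss installed plugins while carrying a 9.8 score. Worth confirming against the Patchstack entry and, if so, pointing `"criteria"` at the plugin's CPE product rather than `houzez`.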
@@ -55,8 +55,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:hostel_management_system_project:hostel_management_system:2.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "FC64E15A-2ECC-4930-8FDB-20AC554E3336"
+ "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3605.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3605.json
index 29c2e77d726..6dd96a854a8 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3605.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3605.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3605",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-07-10T20:15:15.377",
- "lastModified": "2023-11-07T04:19:07.830",
+ "lastModified": "2023-11-14T16:47:19.710",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -33,7 +33,7 @@
 "impactScore": 5.2
 },
 {
- "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "source": "cna@vuldb.com",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -55,7 +55,7 @@
 ],
 "cvssMetricV2": [
 {
- "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "source": "cna@vuldb.com",
 "type": "Secondary",
 "cvssData": {
 "version": "2.0",
@@ -81,7 +81,7 @@
 },
 "weaknesses": [
 {
- "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "source": "cna@vuldb.com",
 "type": "Primary",
 "description": [
 {
@@ -100,8 +100,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "D7D11F3B-2D8E-47A6-B3D6-842866ED90F8"
+ "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F791729D-028D-4D1B-8816-A64C299CEB2A"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json
index f611f9b426c..375d2b43df5 100644
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-37772",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-01T01:15:10.850",
- "lastModified": "2023-08-04T16:23:46.130",
+ "lastModified": "2023-11-14T16:47:19.710",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -55,8 +55,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A"
+ "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json
index 30bcf5b0cad..abae8e98952 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-38890",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-18T19:15:12.690",
- "lastModified": "2023-08-22T00:57:39.623",
+ "lastModified": "2023-11-14T16:47:19.710",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks."
+ },
+ {
+ "lang": "es",
+ "value": "Online Shopping Portal Project v3.1 permite a atacantes remotos ejecutar comandos/consultas SQL arbitrarias a trav\u00e9s del formulario de inicio de sesi\u00f3n, lo que conduce a un acceso no autorizado y a una posible manipulaci\u00f3n de los datos. Esta vulnerabilidad surge debido a la insuficiente validaci\u00f3n de entrada proporcionada por el usuario en el campo de nombre de usuario, lo que permite ataques de inyecci\u00f3n SQL. "
 }
 ],
 "metrics": {
@@ -55,8 +59,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A"
+ "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C621ED01-1C5C-4DD2-9269-B1AC7CC7DE29"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39301.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39301.json
index 34d5659998e..26921366ea4 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39301.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39301.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-39301", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2023-11-03T17:15:08.987", - "lastModified": "2023-11-03T18:05:16.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:29:43.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2514 build 20230906 and later\nQTS 5.1.1.2491 build 20230815 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.1.2488 build 20230812 and later\nQuTScloud c5.1.0.2498 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de Server-Side Request Forgery (SSRF) afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados leer datos de aplicaciones a trav\u00e9s de una red. 
Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2514 compilaci\u00f3n 20230906 y posteriores QTS 5.1.1.2491 compilaci\u00f3n 20230815 y posteriores QuTS hero h5.0.1.2515 compilaci\u00f3n 20230907 y posteriores QuTS hero h5.1.1.2488 compilaci\u00f3n 20230812 y posteriores QuTScloud c5.1.0.2498 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", 
@@ -46,10 +70,95 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.1.1.2491",
+ "matchCriteriaId": "FE4E63EE-19E3-4A18-B22C-8E5A178643E6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.0.1.2514",
+ "matchCriteriaId": "2B2C011A-E432-4F18-8661-E51F3A1E969A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "h5.1.1.2488",
+ "matchCriteriaId": "FC1722B6-35FA-4544-B22F-257DE9A7B9CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "h5.0.1.2515",
+ "matchCriteriaId": "F2CBD911-61F2-4248-9918-67A34E049686"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "c5.1.0.2498",
+ "matchCriteriaId": "3CDA1932-DFFE-40B4-B8A8-E84914C99601"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.qnap.com/en/security-advisory/qsa-23-51",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41366.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41366.json
index cf55f3910cd..e4b60abcea0 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41366.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41366.json
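Review bot: The two QTS `cpeMatch` ranges in the new CVE-2023-39301 `configurations` block carry only `versionEndExcluding` (`5.1.1.2491` and `5.0.1.2514`), so the first range already covers everything below 5.1.1.2491, including 5.0.1 builds at or after 5.0.1.2514 that the record's description lists as fixed. The QuTS hero pair (`h5.1.1.2488` and `h5.0.1.2515`) overlaps in the same way. A scanner matching on these ranges would likely report patched 5.0.1 systems as vulnerable. Giving the two 5.1.1 entries a `versionStartIncluding` at the start of that release line would keep each range to its own branch; the exact lower bound should come from the vendor advisory.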
@@ -2,12 +2,16 @@
 "id": "CVE-2023-41366",
 "sourceIdentifier": "cna@sap.com",
 "published": "2023-11-14T01:15:07.637",
- "lastModified": "2023-11-14T01:15:07.637",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Bajo ciertas condiciones SAP NetWeaver Application Server ABAP - versiones KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, permite que un atacante no autenticado acceda a datos no deseados debido a la falta de restricciones aplicadas, lo que puede generar un bajo impacto en la confidencialidad y ning\u00fan impacto en la integridad y disponibilidad de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41575.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41575.json
index 21e91cc0151..42d90b64a5d 100644
--- a/CVE-2023/CVE-2023-415xx/CVE-2023-41575.json
+++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41575.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-41575",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-08T19:15:44.087",
- "lastModified": "2023-09-12T19:14:47.017",
+ "lastModified": "2023-11-14T16:42:49.757",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) Almacenado en /bbdms/sign-up.php de Blood Bank & Donor Management v2.2 permiten a los atacantes ejecutar scripts web arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en los par\u00e1metros Nombre completo, Mensaje o Direcci\u00f3n."
 }
 ],
 "metrics": {
@@ -55,8 +59,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:blood_bank_\\&_donor_management_system_project:blood_bank_\\&_donor_management_system:2.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "8E3A7305-2915-4C4F-9982-1C5C484E9C56"
+ "criteria": "cpe:2.3:a:phpgurukul:blood_bank_\\&_donor_management_system:2.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1E9BDDD-F357-4BD5-B838-13F94312F836"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42325.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42325.json
index ff30ebb8179..924af57b7ca 100644
--- a/CVE-2023/CVE-2023-423xx/CVE-2023-42325.json
+++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42325.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42325",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T04:15:07.753",
- "lastModified": "2023-11-14T04:15:07.753",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Scripting (XSS) en Netgate pfSense v.2.7.0 permite a un atacante remoto obtener privilegios a trav\u00e9s de una URL manipulada para la p\u00e1gina status_logs_filter_dynamic.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42326.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42326.json
index a068960d1f0..a3b686efd1c 100644
--- a/CVE-2023/CVE-2023-423xx/CVE-2023-42326.json
+++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42326.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42326",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T05:15:08.587",
- "lastModified": "2023-11-14T05:15:08.587",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Netgate pfSense v.2.7.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada a los componentes interfaces_gif_edit.php e interfaces_gre_edit.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42327.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42327.json
index f3737c4248e..f3fd73022ce 100644
--- a/CVE-2023/CVE-2023-423xx/CVE-2023-42327.json
+++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42327.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42327",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T04:15:07.800",
- "lastModified": "2023-11-14T04:15:07.800",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Scripting (XSS) en Netgate pfSense v.2.7.0 permite a un atacante remoto obtener privilegios a trav\u00e9s de una URL manipulada para la p\u00e1gina getserviceproviders.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42480.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42480.json
index b2f3c7c01a6..1fc08aee63f 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42480.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42480.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42480",
 "sourceIdentifier": "cna@sap.com",
 "published": "2023-11-14T01:15:07.907",
- "lastModified": "2023-11-14T01:15:07.907",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids.\u00a0This will have an impact on confidentiality but there is no other impact on integrity or availability.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El atacante no autenticado en la aplicaci\u00f3n NetWeaver AS Java Logon versi\u00f3n 7.50 puede forzar la funcionalidad de inicio de sesi\u00f3n para identificar los ID de usuario leg\u00edtimos. Esto tendr\u00e1 un impacto en la confidencialidad, pero no hay ning\u00fan otro impacto en la integridad o disponibilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42813.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42813.json
index 946608e0848..3f05cb1a9f2 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42813.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42813.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-42813", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-13T21:15:07.473", - "lastModified": "2023-11-13T21:15:07.473", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild." + }, + { + "lang": "es", + "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. El componente vulnerable en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda las certificaciones. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. 
Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42814.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42814.json index 7c956e10e9a..f15c749ee3f 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42814.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42814.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42814", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-13T21:15:07.730", - "lastModified": "2023-11-13T21:15:07.730", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild.\n" + }, + { + "lang": "es", + "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. El componente vulnerable en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda las certificaciones. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. 
Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42815.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42815.json index d2d6255800d..6c5d74209ee 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42815.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42815.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42815", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-13T21:15:07.940", - "lastModified": "2023-11-13T21:15:07.940", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild." + }, + { + "lang": "es", + "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. La vulnerabilidad estaba en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda firmas. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. 
Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42816.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42816.json index 7bf34ef0acb..1efc9eb8bcd 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42816.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42816.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42816", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-13T21:15:08.127", - "lastModified": "2023-11-13T21:15:08.127", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild." + }, + { + "lang": "es", + "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. La vulnerabilidad estaba en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda firmas. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. 
Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43503.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43503.json index 528015693c6..e2daad74e4a 100644 --- a/CVE-2023/CVE-2023-435xx/CVE-2023-43503.json +++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43503.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43503", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:11.297", - "lastModified": "2023-11-14T11:15:11.297", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en COMOS (Todas las versiones < V10.4.4). El sistema de almacenamiento en cach\u00e9 de la aplicaci\u00f3n afectada filtra informaci\u00f3n confidencial, como informaci\u00f3n del usuario y del proyecto, en texto plano a trav\u00e9s de UDP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43504.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43504.json index 00f5b634a79..693ce41b6a7 100644 --- a/CVE-2023/CVE-2023-435xx/CVE-2023-43504.json +++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43504.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43504",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2023-11-14T11:15:11.600",
- "lastModified": "2023-11-14T11:15:11.600",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una vulnerabilidad en COMOS (Todas las versiones < V10.4.4). El ejecutable de Ptmcast utilizado para probar el servicio de validaci\u00f3n de cach\u00e9 en la aplicaci\u00f3n afectada es vulnerable al desbordamiento del b\u00fafer basado en Structured Exception Handler (SEH). Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario en el sistema de destino o provocar una condici\u00f3n de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43505.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43505.json
index 340c42c4e90..b9695cdab25 100644
--- a/CVE-2023/CVE-2023-435xx/CVE-2023-43505.json
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43505.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43505",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2023-11-14T11:15:11.853",
- "lastModified": "2023-11-14T11:15:11.853",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una vulnerabilidad en COMOS (todas las versiones). La aplicaci\u00f3n afectada carece de controles de acceso adecuados en los recursos compartidos de SMB. Esto podr\u00eda permitir que un atacante acceda a archivos a los que el usuario no deber\u00eda tener acceso."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43900.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43900.json
index c9e796649a4..14b8598ff91 100644
--- a/CVE-2023/CVE-2023-439xx/CVE-2023-43900.json
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43900.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43900",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T05:15:08.700",
- "lastModified": "2023-11-14T05:15:08.700",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters."
+ },
+ {
+ "lang": "es",
+ "value": "Insecure Direct Object References (IDOR) en EMSigner v2.8.7 permiten a los atacantes obtener acceso no autorizado al contenido de la aplicaci\u00f3n y ver datos confidenciales de otros usuarios mediante la manipulaci\u00f3n de los par\u00e1metros documentID y EncryptedDocumentId."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43901.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43901.json
index 77c422409ac..837b2bd71b4 100644
--- a/CVE-2023/CVE-2023-439xx/CVE-2023-43901.json
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43901.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43901",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T05:15:08.767",
- "lastModified": "2023-11-14T05:15:08.767",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso incorrecto en el formulario de creaci\u00f3n de Usuarios AdHoc de EMSigner v2.8.7 permite a atacantes no autenticados modificar arbitrariamente nombres de usuarios y privilegios utilizando la direcci\u00f3n de correo electr\u00f3nico de un usuario registrado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43902.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43902.json
index 0a500623906..bff3c92fe5a 100644
--- a/CVE-2023/CVE-2023-439xx/CVE-2023-43902.json
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43902.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43902",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T05:15:08.833",
- "lastModified": "2023-11-14T05:15:08.833",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso incorrecto en la funci\u00f3n Forgot Your Password de EMSigner v2.8.7 permite a atacantes no autenticados acceder a las cuentas de todos los usuarios registrados, incluidos aquellos con privilegios de administrador, a trav\u00e9s de un token de restablecimiento de contrase\u00f1a manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
index 94017b52666..282a9535f20 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-44317", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.067", - "lastModified": "2023-11-14T11:15:12.067", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos productos afectados no validan adecuadamente el contenido de los certificados X509 cargados, lo que podr\u00eda permitir a un atacante con privilegios administrativos ejecutar c\u00f3digo arbitrario en el dispositivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44318.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44318.json index 7a1b016c3fd..133b3e8121d 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44318.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44318.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44318", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.287", - "lastModified": "2023-11-14T11:15:12.287", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados utilizan una clave codificada para ocultar la copia de seguridad de la configuraci\u00f3n que un administrador puede exportar desde el dispositivo. Esto podr\u00eda permitir que un atacante autenticado con privilegios administrativos o un atacante que obtenga una copia de seguridad de la configuraci\u00f3n extraiga informaci\u00f3n de configuraci\u00f3n del archivo exportado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json index 34db0d4a86a..910e13888b6 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44319", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.510", - "lastModified": "2023-11-14T11:15:12.510", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados utilizan un algoritmo de suma de comprobaci\u00f3n d\u00e9bil para proteger la copia de seguridad de la configuraci\u00f3n que un administrador puede exportar desde el dispositivo. Esto podr\u00eda permitir que un atacante autenticado con privilegios administrativos o un atacante que enga\u00f1e a un administrador leg\u00edtimo cargue un archivo de configuraci\u00f3n modificado para cambiar la configuraci\u00f3n de un dispositivo afectado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json index a116a26ff30..bd7c23e64df 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json 
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44320", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.757", - "lastModified": "2023-11-14T11:15:12.757", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados no validan adecuadamente la autenticaci\u00f3n al realizar ciertas modificaciones en la interfaz web, lo que permite que un atacante autenticado influya en la interfaz de usuario configurada por un administrador." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json index 42f6879f445..79927a23d73 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44321", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.973", - "lastModified": "2023-11-14T11:15:12.973", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados no validan adecuadamente la longitud de las entradas al realizar ciertos cambios de configuraci\u00f3n en la interfaz web, lo que permite que un atacante autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio. Es necesario reiniciar el dispositivo para que la interfaz web vuelva a estar disponible." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json index 33f38e77bb1..2ddcc170fba 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44322", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.187", - "lastModified": "2023-11-14T11:15:13.187", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en:\nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), \nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (V < 4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (V < 4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados se pueden configurar para enviar correos electr\u00f3nicos cuando ocurren ciertos eventos en el dispositivo. Cuando se presenta una respuesta no v\u00e1lida del servidor SMTP, el dispositivo genera un error que interrumpe el env\u00edo de correo electr\u00f3nico. Un atacante con acceso a la red puede usar esto para desactivar la notificaci\u00f3n a los usuarios cuando ocurren ciertos eventos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json index 5d97c098f6e..caecf7d49a3 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44373", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.417", - "lastModified": "2023-11-14T11:15:13.417", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en: \nSCALANCE XB205-3 (SC, PN) (V < 4.5), \nSCALANCE XB205-3 (ST, E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST , E/IP) (V < 4.5), \nSCALANCE XB205-3 (ST, PN) (V < 4.5), \nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), \nSCALANCE XB205-3LD (SC, PN) (V < 4.5), \nSCALANCE XB208 (E/IP) (V < 4.5), \nSCALANCE XB208 (PN) (V < 4.5), \nSCALANCE XB213-3 (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3 (SC, PN) (V < 4.5), \nSCALANCE XB213-3 (ST, E/IP) ( V < 4.5), \nSCALANCE XB213-3 (ST, PN) (V < 4.5), \nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5), \nSCALANCE XB213-3LD (SC, PN) (V < 4.5), \nSCALANCE XB216 (E/IP) (V < 4.5), \nSCALANCE XB216 (PN) (V < 4.5), \nSCALANCE XC206-2 (SC ) (V < 4.5), \nSCALANCE XC206-2 (ST/BFOC) (V < 4.5), \nSCALANCE XC206-2G PoE (V < 4.5), \nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5), y\nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), \nSCALANCE XC206-2SFP (V < 4.5), \nSCALANCE XC206-2SFP EEC ( V < 4.5), \nSCALANCE XC206-2SFP G (V < 4.5), \nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), \nSCALANCE XC206-2SFP G EEC (V < 4.5), \nSCALANCE XC208 (V < 4.5), \nSCALANCE XC208EEC (V < 4.5), \nSCALANCE XC208G (V < 4.5), \nSCALANCE XC208G (EIP def.) (V < 4.5), \nSCALANCE XC208G EEC (V < 4.5), \nSCALANCE XC208G PoE (V < 4.5), \nSCALANCE XC208G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216 (todas versiones < V4.5), \nSCALANCE XC216-3G PoE (V < 4.5), \nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5), \nSCALANCE XC216-4C (V < 4. 5), \nSCALANCE XC216-4C G (V < 4.5), \nSCALANCE XC216-4C G (EIP Def.) (V < 4.5), \nSCALANCE XC216-4C G EEC (V < 4.5) , \nSCALANCE XC216EEC (V < 4.5), \nSCALANCE XC224 (V < 4.5), \nSCALANCE XC224-4C G (V < 4.5), \nSCALANCE XC224-4C G (EIP Def.) 
(V < 4.5), \nSCALANCE XC224-4C G EEC (V < 4.5), \nSCALANCE XF204 (V < 4.5), \nSCALANCE XF204 DNA (V < 4.5), \nSCALANCE XF204-2BA (Todas versiones < V4.5), \nSCALANCE XF204-2BA DNA (V < 4.5), \nSCALANCE XP208 (V < 4.5), \nSCALANCE XP208 (Ethernet/IP) (V < 4.5), \nSCALANCE XP208EEC (V < 4.5), \nSCALANCE XP208PoE EEC (V < 4.5), \nSCALANCE XP216 (V < 4.5), \nSCALANCE XP216 (Ethernet/IP) (V < 4.5), \nSCALANCE XP216EEC (V < 4.5), \nSCALANCE XP216POE EEC (V < 4.5), \nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5), \nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5), \nSCALANCE XR326-2C PoE WG (V < 4.5), \nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5), \nSCALANCE XR328-4C WG (24XFE , 4XGE, 24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5), \nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5), \nSCALANCE XR328- 4C WG (28xGE, DC 24V) (V < 4.5), \nSIPLUS NET SCALANCE XC206-2 (V < 4.5), \nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5), \nSIPLUS NET SCALANCE XC208 (V < 4.5), \nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados no sanitizan adecuadamente un campo de entrada. Esto podr\u00eda permitir que un atacante remoto autenticado con privilegios administrativos inyecte c\u00f3digo o genere un root shell del sistema. Seguimiento del CVE-2022-36323." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json index 59a5af219e4..237e01142a0 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44374", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.753", - "lastModified": "2023-11-14T11:15:13.753", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) 
(All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET 
SCALANCE XC216-4C (All versions < V4.5). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en:\nSCALANCE XB205-3 (SC, PN) (V < 4.5),\nSCALANCE XB205-3 (ST, E/IP) (V < 4.5),\nSCALANCE XB205-3 (ST, E/IP) (V < 4.5),\nSCALANCE XB205-3 (ST, PN) (V < 4.5),\nSCALANCE XB205-3LD (SC, E/IP) (V < 4.5),\nSCALANCE XB205-3LD (SC, PN) (V < 4.5),\nSCALANCE XB208 (E/IP) (V < 4.5),\nSCALANCE XB208 (PN) (V < 4.5),\nSCALANCE XB213-3 (SC, E/IP) (V < 4.5),\nSCALANCE XB213-3 (SC, PN) (V < 4.5),\nSCALANCE XB213-3 (ST, E/IP) (V < 4.5),\nSCALANCE XB213-3 (ST, PN) (V < 4.5),\nSCALANCE XB213-3LD (SC, E/IP) (V < 4.5),\nSCALANCE XB213-3LD (SC, PN) (V < 4.5),\nSCALANCE XB216 (E/IP) (V < 4.5),\nSCALANCE XB216 (PN) (V < 4.5),\nSCALANCE XC206-2 (SC) (V < 4.5),\nSCALANCE XC206-2 (ST/BFOC) (V < 4.5),\nSCALANCE XC206-2G PoE (V < 4.5),\nSCALANCE XC206-2G PoE (54 V DC) (V < 4.5),\nSCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5),\nSCALANCE XC206-2SFP (V < 4.5),\nSCALANCE XC206-2SFP EEC (V < 4.5),\nSCALANCE XC206-2SFP G (V < 4.5),\nSCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5),\nSCALANCE XC206-2SFP G EEC (V < 4.5),\nSCALANCE XC208 (V < 4.5),\nSCALANCE XC208EEC (V < 4.5),\nSCALANCE XC208G (V < 4.5),\nSCALANCE XC208G (EIP def.) (V < 4.5),\nSCALANCE XC208G EEC (V < 4.5),\nSCALANCE XC208G PoE (V < V4.5),\nSCALANCE XC208G PoE (54 V DC) (V < 4.5),\nSCALANCE XC216 (V < 4.5),\nSCALANCE XC216-3G PoE (V < V4.5),\nSCALANCE XC216-3G PoE (54 V DC) (V < 4.5),\nSCALANCE XC216-4C (V < 4.5),\nSCALANCE XC216-4C G (V < 4.5),\nSCALANCE XC216-4C G (EIP Def.) (V < 4.5),\nSCALANCE XC216-4C G EEC (V < 4.5),\nSCALANCE XC216EEC (V < 4.5),\nSCALANCE XC224 (V < 4.5),\nSCALANCE XC224-4C G (V < 4.5),\nSCALANCE XC224-4C G (EIP Def.) 
(V < 4.5),\nSCALANCE XC224-4C G EEC (V < 4.5),\nSCALANCE XF204 (V < 4.5),\nSCALANCE XF204 DNA (V < 4.5),\nSCALANCE XF204-2BA (V < 4.5),\nSCALANCE XF204-2BA DNA (V < 4.5),\nSCALANCE XP208 (V < 4.5),\nSCALANCE XP208 (Ethernet/IP) (V < 4.5),\nSCALANCE XP208EEC (V < 4.5),\nSCALANCE XP208PoE EEC (V < 4.5),\nSCALANCE XP216 (V < 4.5),\nSCALANCE XP216 (Ethernet/IP) (V < 4.5),\nSCALANCE XP216EEC (V < 4.5),\nSCALANCE XP216POE EEC (V < 4.5),\nSCALANCE XR324WG (24 x FE, AC 230V) (V < 4.5),\nSCALANCE XR324WG (24 X FE, DC 24V) (V < 4.5),\nSCALANCE XR326-2C PoE WG (V < 4.5),\nSCALANCE XR326-2C PoE WG (sin UL) (V < 4.5),\nSCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (V < 4.5),\nSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (V < 4.5),\nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5),\nSCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (V < 4.5),\nSCALANCE XR328-4C WG (28xGE, AC 230V) (V < 4.5),\nSCALANCE XR328-4C WG (28xGE, DC 24V) (V < 4.5),\nSIPLUS NET SCALANCE XC206-2 (V < 4.5),\nSIPLUS NET SCALANCE XC206-2SFP (V < 4.5),\nSIPLUS NET SCALANCE XC208 (V < 4.5),\nSIPLUS NET SCALANCE XC216-4C (V < 4.5).\nLos dispositivos afectados permiten cambiar la contrase\u00f1a, pero no comprueban suficientemente qu\u00e9 contrase\u00f1a se debe cambiar. Con esto, un atacante autenticado podr\u00eda, bajo ciertas condiciones, cambiar la contrase\u00f1a de otro usuario administrador potencial, permiti\u00e9ndole escalar sus privilegios." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45558.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45558.json index cf29bda4674..381dba27421 100644 --- a/CVE-2023/CVE-2023-455xx/CVE-2023-45558.json +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45558.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-45558",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T03:15:09.210",
- "lastModified": "2023-11-14T03:15:09.210",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Golden v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtraci\u00f3n del token de acceso al canal."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45560.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45560.json
index bd338d3d66d..de684066fed 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45560.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45560.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-45560",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-14T03:15:09.263",
- "lastModified": "2023-11-14T03:15:09.263",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en la tarjeta de miembro de Yasukawa v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtraci\u00f3n del token de acceso al canal."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json
index 01533fb9913..8a30000ab85 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45657.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-45657", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.730", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:28:24.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en POSIMYTH Nexter permite la inyecci\u00f3n SQL. Este problema afecta a Nexter: desde n/a hasta 2.0.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:posimyth:nexter:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.4", + "matchCriteriaId": "FC7B069B-CDB0-474B-8E07-7425C9EB280F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/nexter/wordpress-nexter-theme-2-0-3-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45684.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45684.json new file mode 100644 index 00000000000..cedc0b9a901 --- /dev/null 
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45684.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45684", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-14T15:15:07.553", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cfengine.com/blog/2023/cve-2023-45684/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45794.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45794.json index 3295b214973..5b2fa499307 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45794.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45794.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45794", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.970", - "lastModified": "2023-11-14T11:15:13.970", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design.\r\n\r\nThis could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en aplicaciones Mendix que usan:\nMendix 10 (todas las versiones < V10.4.0),\nMendix 7 (todas las versiones < V7.23.37),\nMendix 8 (todas las versiones < V8.18.27),\nMendix 9 (todas las versiones " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json index bd55511171c..5e957f6c865 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45830.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45830", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T09:15:08.790", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:28:18.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
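Review bot: The added `es` description for CVE-2023-45794 is cut off mid-sentence: its value ends at `Mendix 9 (todas las versiones ` and carries neither the version bound nor the capture-replay and authorization impact text present in the `en` value. Anyone triaging or filtering on the Spanish text loses the Mendix 9 fixed version (`< V9.24.10` in the English value) and the statement that authenticated attackers could escalate privileges. The cut falls immediately before a `<` character, so the translation step may be treating it as markup; that is inferred, not visible in this hunk. The `es` object should be regenerated in full, or left out until the complete text is available.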
@@ -14,7 +14,30 @@ "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Online ADA Accessibility Suite de Online ADA permite la inyecci\u00f3n de SQL. Este problema afecta a Accessibility Suite de Online ADA: desde n/a hasta 4.11." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adaplugin:accessibility_suite_by_online_ada:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.11", + "matchCriteriaId": "5086E689-7C3C-43F6-A204-461ED5D293F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45878.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45878.json index 3a0ffaf5edc..89a85911446 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45878.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45878.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45878", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T06:15:29.040", - "lastModified": "2023-11-14T06:15:29.040", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated)." + }, + { + "lang": "es", + "value": "GibbonEdu Gibbon versi\u00f3n 25.0.1 y anteriores permite la escritura arbitraria de archivos porque rubrics_visualise_saveAjax.phps no requiere autenticaci\u00f3n. El endpoint acepta los par\u00e1metros img, path y gibbonPersonID. Se espera que el par\u00e1metro img sea una imagen codificada en base64. Si se establece el par\u00e1metro de ruta, la ruta definida se utiliza como carpeta de destino, concatenada con la ruta absoluta del directorio de instalaci\u00f3n. El contenido del par\u00e1metro img se decodifica en base64 y se escribe en la ruta del archivo definida. Esto permite la creaci\u00f3n de archivos PHP que permiten la ejecuci\u00f3n remota de c\u00f3digo (no autenticado)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45879.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45879.json index 1fad83f8c36..b2a6ebc481e 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45879.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45879.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45879", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T06:15:29.150", - "lastModified": "2023-11-14T06:15:29.150", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component." + }, + { + "lang": "es", + "value": "GibbonEdu Gibbon versi\u00f3n 25.0.0 permite la inyecci\u00f3n de HTML a trav\u00e9s de un elemento IFRAME al componente Messager." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45880.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45880.json index 81e2580a7cd..74246e9cf69 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45880.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45880.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45880", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T06:15:29.203", - "lastModified": "2023-11-14T06:15:29.203", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot." + }, + { + "lang": "es", + "value": "GibbonEdu Gibbon hasta la versi\u00f3n 25.0.0 permite el Directory Traversal a trav\u00e9s del generador de plantillas de informes. Un atacante puede crear un nuevo componente de activo. El par\u00e1metro templateFileDestination se puede establecer en un nombre de ruta (y extensi\u00f3n) arbitraria. Esto permite la creaci\u00f3n de archivos PHP fuera del directorio de carga, directamente en webroot." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45881.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45881.json index 9bed9d441e6..2e405dc5d1b 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45881.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45881.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45881", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T06:15:29.257", - "lastModified": "2023-11-14T06:15:29.257", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response." + }, + { + "lang": "es", + "value": "GibbonEdu Gibbon hasta la versi\u00f3n 25.0.0 permite la carga de archivos /modules/Planner/resources_addQuick_ajaxProcess.php con el XSS resultante. El par\u00e1metro imageAsLinks debe establecerse en Y para devolver c\u00f3digo HTML. El atributo de nombre de archivo del par\u00e1metro bodyfile1 se refleja en la respuesta." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46014.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46014.json index 217b37bda28..9f4ad1e024c 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46014.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46014.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46014", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T22:15:07.487", - "lastModified": "2023-11-13T22:15:07.487", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en hospitalLogin.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de los par\u00e1metros 'hemail' y 'hpassword'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46015.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46015.json index fab3558b162..4dd4a522404 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46015.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46015.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46015", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T22:15:07.537", - "lastModified": "2023-11-13T22:15:07.537", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Scripting (XSS) en index.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro 'msg' en la URL de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46016.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46016.json index 5ff12f38193..42aa8897294 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46016.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46016.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46016", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T22:15:07.587", - "lastModified": "2023-11-13T22:15:07.587", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL." + }, + { + "lang": "es", + "value": "Cross Site Scripting (XSS) en abs.php en Code-Projects Blood Bank 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro 'search' en la URL de la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46017.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46017.json index 3489d6b118a..600a2fc35ed 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46017.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46017.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46017", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T22:15:07.640", - "lastModified": "2023-11-13T22:15:07.640", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en ReceiverLogin.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de los par\u00e1metros 'remail' y 'rpassword'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46018.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46018.json index f552f6d7ce4..5253a12d558 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46018.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46018.json 
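Review bot: The added `es` value for CVE-2023-46017 changes the affected file name from `receiverLogin.php` (as written in the `en` value) to `ReceiverLogin.php`, and the CVE-2023-46018 hunk does the same with `receiverReg.php`, which becomes `ReceiverReg.php`. File names, parameter names and product names are identifiers and should be carried into the translation byte-for-byte, because path matching on case-sensitive hosts and in detection or inventory rules will not treat the two spellings as equal. The same kind of drift appears in the CVE-2023-46590 hunk, where `Modelling Editor` becomes `Modeling Editor`. The fix is to restore the English spelling inside the Spanish strings, e.g. `en receiverLogin.php en Code-Projects Blood Bank 1.0`.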
@@ -2,12 +2,16 @@ "id": "CVE-2023-46018", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T22:15:07.690", - "lastModified": "2023-11-13T22:15:07.690", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \\allows attackers to run arbitrary SQL commands via 'remail' parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en ReceiverReg.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro 'remail'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46019.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46019.json index 4d63d1c721c..8f8431944ce 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46019.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46019.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46019", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T23:15:07.840", - "lastModified": "2023-11-13T23:15:07.840", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Scripting (XSS) en abs.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro 'error'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46020.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46020.json index cb1f10d4a4d..5cafa00c73f 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46020.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46020.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46020", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T23:15:07.893", - "lastModified": "2023-11-13T23:15:07.893", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters." + }, + { + "lang": "es", + "value": "Cross Site Scripting (XSS) en updateprofile.php en Code-Projects Blood Bank 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros 'rename', 'remail', 'rphone' y 'rcity'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46021.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46021.json index b42e5646684..936d9388125 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46021.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46021.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46021", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-13T23:15:07.950", - "lastModified": "2023-11-13T23:15:07.950", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en cancel.php en Code-Projects Blood Bank 1.0 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro 'reqid'." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json index 10b3103b7bc..658b39abeb8 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46084.json 
@@ -2,18 +2,45 @@ "id": "CVE-2023-46084", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T10:15:07.917", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:28:12.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en bPlugins LLC Icons Font Loader permite la inyecci\u00f3n SQL. Este problema afecta a Icons Font Loader: desde n/a hasta 1.1.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,12 +48,43 @@ "value": "CWE-89" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bplugins:icons_font_loader:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.2", + "matchCriteriaId": "33874656-724D-4F9C-B00B-2985EFB7B25F" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/icons-font-loader/wordpress-icons-font-loader-plugin-1-1-2-subscriber-sql-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46096.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46096.json index 424d0e8e7f9..25f08659581 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46096.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46096.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46096", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:14.167", - "lastModified": "2023-11-14T11:15:14.167", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). El PUD Manager de los productos afectados no autentica adecuadamente a los usuarios en el servicio web PUD Manager. Esto podr\u00eda permitir que un atacante adyacente no autenticado genere un token privilegiado y cargue documentos adicionales." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46097.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46097.json index 15725ece3e2..3e30608b51b 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46097.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46097.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46097", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:14.360", - "lastModified": "2023-11-14T11:15:14.360", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). El PUD Manager de los productos afectados no neutraliza adecuadamente las entradas proporcionadas por el usuario. Esto podr\u00eda permitir que un atacante adyacente autenticado ejecute declaraciones SQL en la base de datos subyacente." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46098.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46098.json index f97154dc7e8..e3454035234 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46098.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46098.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46098", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:14.553", - "lastModified": "2023-11-14T11:15:14.553", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). Al acceder al servidor de informaci\u00f3n desde los productos afectados, los productos utilizan una pol\u00edtica CORS demasiado permisiva. Esto podr\u00eda permitir a un atacante enga\u00f1ar a un usuario leg\u00edtimo para provocar un comportamiento no deseado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46099.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46099.json index 13a4347e1a8..5cfae678591 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46099.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46099.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46099", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:14.840", - "lastModified": "2023-11-14T11:15:14.840", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS neo (todas las versiones < V4.1). Existe una vulnerabilidad de cross-site scripting almacenada en la Consola de Administraci\u00f3n del producto afectado, que podr\u00eda permitir a un atacante con altos privilegios inyectar c\u00f3digo Javascript en la aplicaci\u00f3n que luego ser\u00e1 ejecutado por otro usuario leg\u00edtimo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46445.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46445.json index f77a9874895..4d7d44eeda3 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46445.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46445.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46445", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T03:15:09.470", - "lastModified": "2023-11-14T03:15:09.470", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:54.130", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack." + }, + { + "lang": "es", + "value": "Un problema en AsyncSSH v2.14.0 y versiones anteriores permite a los atacantes controlar el mensaje de informaci\u00f3n de la extensi\u00f3n (RFC 8308) mediante un ataque de intermediario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46446.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46446.json index 342a068179d..ac135d1bdd4 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46446.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46446.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46446", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T03:15:09.573", - "lastModified": "2023-11-14T03:15:09.573", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:54.130", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation." + }, + { + "lang": "es", + "value": "Un problema en AsyncSSH v2.14.0 y versiones anteriores permite a los atacantes controlar el final remoto de una sesi\u00f3n de cliente SSH mediante inyecci\u00f3n/eliminaci\u00f3n de paquetes y emulaci\u00f3n de shell." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46590.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46590.json index 386801c3b4d..741f9258cba 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46590.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46590.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46590", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:15.063", - "lastModified": "2023-11-14T11:15:15.063", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en Siemens OPC UA Modeling Editor (SiOME) (todas las versiones < V2.8). Los productos afectados padecen una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE). Esta vulnerabilidad podr\u00eda permitir que un atacante interfiera con el procesamiento de datos XML de una aplicaci\u00f3n y lea archivos arbitrarios en el sistema." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46601.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46601.json index 3e50061eed2..6847eb2cadb 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46601.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46601.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46601", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:15.293", - "lastModified": "2023-11-14T11:15:15.293", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en COMOS (todas las versiones). La aplicaci\u00f3n afectada carece de controles de acceso adecuados para realizar la conexi\u00f3n a SQLServer. Esto podr\u00eda permitir a un atacante consultar la base de datos directamente para acceder a informaci\u00f3n a la que el usuario no deber\u00eda tener acceso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json index 227cb841c6d..ff6bf5df42c 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46776.json 
@@ -2,15 +2,42 @@
 "id": "CVE-2023-46776",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.380",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:23:57.467",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <=\u00a01.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Serena Villa Auto Excerpt everywhere en versiones <= 1.5."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:josie:auto_excerpt_everywhere:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5",
+ "matchCriteriaId": "D7C66C01-F278-41BF-94CA-9E9911DC22CC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/auto-excerpt-everywhere/wordpress-auto-excerpt-everywhere-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json
index 5ec3602109e..5ca16c5a617 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46778.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-46778",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.513",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:23:52.277",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <=\u00a02.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento TheFreeWindows Auto Limit Posts Reloaded en versiones <= 2.5."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thefreewindows:auto_limit_posts_reloaded:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.5",
+ "matchCriteriaId": "5D61A5B2-FBC8-4EBC-BF71-6ACD767FED2F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/auto-limit-posts-reloaded/wordpress-auto-limit-posts-reloaded-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
index 3629d9056d4..519fcfd26a5 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46779.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-46779",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.573",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:23:35.977",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <=\u00a03.5.3251 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento EasyRecipe en versiones <= 3.5.3251."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:easyrecipe_project:easyrecipe:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.5.3251",
+ "matchCriteriaId": "B38BB83F-6C6B-4049-9A3F-302EC8B6824A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/easyrecipe/wordpress-easyrecipe-plugin-3-5-3251-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
index 23f38ddc41a..4fd89e0d35a 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46780.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-46780",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.637",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:23:28.687",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=\u00a01.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en las versiones del complemento Alter en versiones <= 1.0."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:altersoftware:alter:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0",
+ "matchCriteriaId": "A704DFF2-CD75-4B77-B8D4-427285CDCBD3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/alter/wordpress-alter-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
index 52633161e32..731131744c7 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46781.json
@@ -2,18 +2,45 @@
 "id": "CVE-2023-46781",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T12:15:08.700",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T16:23:15.617",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <=\u00a01.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Roland Murg Current Menu Item para el complemento Custom Post Types en versiones <= 1.5."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -21,12 +48,43 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rolandmurg:current_menu_item_for_custom_post_types:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5",
+ "matchCriteriaId": "2033C3BE-E91F-4AE9-9509-02BB43B9D9E4"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/current-menu-item-for-custom-post-types/wordpress-current-menu-item-for-custom-post-types-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
index 03d9a690b28..7119196da74 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-46782",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:07.987",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:27:33.713",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <=\u00a01.0.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Chris Yee MomentoPress para Momento360 en versiones <= 1.0.1."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
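Review bot: The added `es` description misspells the weakness name as `Coss-Site Scripting (XSS)`; the value should begin `Vulnerabilidad de Cross-Site Scripting (XSS) autenticada ...`. The same misspelling is in the added `es` description of CVE-2023-46783 further down this diff. Tooling that searches or groups records by the localized weakness name will miss both entries, so match on the English description until the text is corrected. If these files mirror an upstream feed, the correction presumably has to be made there rather than in this repository.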
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:chrisyee:momentopress_for_momento360:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.1",
+ "matchCriteriaId": "FA19B7F5-7521-4DDF-90FE-973FD20E49D7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/cmyee-momentopress/wordpress-momentopress-for-momento360-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
index e4aa62a54b1..507391e0ed1 100644
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-46783",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-06T10:15:08.060",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:27:27.733",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <=\u00a01.2.13 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Bright Plugins Pre-Orders para WooCommerce en versiones <= 1.2.13."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "audit@patchstack.com",
@@ -23,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:brightplugins:pre-orders_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.13",
+ "matchCriteriaId": "48D37693-075B-493D-B583-69135AC4A12A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/pre-orders-for-woocommerce/wordpress-pre-orders-for-woocommerce-plugin-1-2-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
index 2edb15058de..244117cdf93 100644
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
@@ -2,23 +2,86 @@
 "id": "CVE-2023-46802",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-11-06T02:15:07.333",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:30:13.830",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
+ },
+ {
+ "lang": "es",
+ "value": "e-Tax software versi\u00f3n 3.0.10 y anteriores restringe incorrectamente las referencias de entidades externas XML (XXE) debido a la configuraci\u00f3n del analizador XML incorporado. Al procesar un archivo XML especialmente manipulado, un atacante puede leer archivos arbitrarios del sistema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nta:e-tax:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.0.10",
+ "matchCriteriaId": "8E173A0D-2026-4AF7-BE6D-2366D6B26FA4"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://jvn.jp/en/jp/JVN14762986/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.e-tax.nta.go.jp/topics/topics_20231102.htm",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4603.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4603.json
index d6ab998354d..573e121ee20 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4603.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4603.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-4603",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-11-13T23:15:08.800",
- "lastModified": "2023-11-13T23:15:08.800",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Star CloudPRNT para WooCommerce para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'printersettings' en versiones hasta la 2.0.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
index d135fd9a5e3..4be7c0b09e2 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4625.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-4625",
 "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "published": "2023-11-06T05:15:15.187",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:30:36.647",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en los m\u00f3dulos de Mitsubishi Electric Corporation MELSEC iQ-F Series CPU, la funci\u00f3n de servidor web permite a un atacante remoto no autenticado evitar que usuarios leg\u00edtimos inicien sesi\u00f3n en la funci\u00f3n de servidor web durante un cierto per\u00edodo despu\u00e9s de que el atacante haya intentado iniciar sesi\u00f3n ilegalmente al intentar continuamente iniciar sesi\u00f3n sin autorizaci\u00f3n en la funci\u00f3n del servidor web. El impacto de esta vulnerabilidad persistir\u00e1 mientras el atacante contin\u00fae intentando iniciar sesi\u00f3n sin autorizaci\u00f3n."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ },
 {
 "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "type": "Secondary",
@@ -46,18 +80,1731 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33AAA05B-2759-41C2-9BD9-287F960A9366" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-32mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EBBBBA1-9BBC-4D7E-888B-8BE3CCE0E183" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43C0B2BE-DFAC-45A5-B8C0-B7E452002C81" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-64mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69726C20-71EA-4855-9442-2C703814DD9A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D813980-035D-4F3E-B76B-F7FB9B14D65A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-80mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "085E2C8A-35D7-4771-A24E-D5FAB4295728" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-32mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD690313-ED76-4309-895E-45EA353B0CE1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:mitsubishielectric:fx5u-32mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "163F6A01-2290-45A8-9FBE-08E51234A71F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-64mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "884527F2-672F-48D7-8229-2A1273D02ED7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-64mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "60E9BB66-7E94-4030-9659-6AD1C40FBB1E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-80mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "59B8CE2E-173B-4CB1-8766-ED8F637796B6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-80mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00AB756D-98D8-4D85-8B62-8A9122694CCA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9D21164-AE34-4DB8-B8FB-8C5B0D444ACE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-32mt\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6DD789CC-74EC-4494-91BD-5102553DA46E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"A7D4AF6C-E9A0-4995-97E6-7F94B225DD5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-64mt\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72F21C02-86EF-4F71-A5DE-32F68CF5C441" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0CCD3EAB-2CC9-447C-807A-0613FD43B8B7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-80mt\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "823CD3C9-F27B-4DA1-8E6D-0FEB4651C9A6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-32mr\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "692479C5-BB04-40E4-9235-1714CD6A31D7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-32mr\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6950EA2C-5799-453A-8EA5-FB588F234506" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-64mr\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1FD73716-838C-4C19-8E8F-5F19191F34DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-64mr\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7252E82F-6C13-403F-AC0A-9BA3A596D7C0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:mitsubishielectric:fx5u-80mr\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F01DEB00-0D8E-4CE2-9B94-7D42C0C56F74" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-80mr\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "475B97F7-6546-4892-BD44-812E6D6813D6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E645E44A-DEE7-414F-BE81-0DD9B6DC8CD0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-32mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "01F37B7D-C801-48EF-B9C9-C059303898F8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40A634E8-2567-4F90-A351-5B2125BC71C6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-64mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D3E483A0-784C-4E25-BED7-7244AC6C0739" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D921030A-1359-420F-B8A1-E29ECF34DD9A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-80mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4EBE129E-CDEF-49D4-A81D-C8E73C54F6D6" + } + ] + } + ] + }, + { + 
"operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E60CB008-DB9C-4233-A0EA-71E379F3B6E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-32mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C8E431E0-759C-4199-BFFE-82F6251160F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A0A9A631-6BEB-4BEE-9F5A-5C7A43DD6991" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-64mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5337A36D-029D-4E59-BAAB-9A7A20640C92" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4198EF4-E3C0-43DC-A8DD-1DC3FFE4CF59" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5u-80mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "195CB538-682F-44A7-BEEC-3554737C251F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E2293F8-1A3F-4880-BCF5-B3A7DFF01F35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBBFA917-5DCF-4B0C-8C32-AC384FB880AC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/d_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CFBCB848-E656-4488-9BE5-62EEEA6526C9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-64mt\\/d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49F19AFE-8A0C-4F21-AE83-5DE3040917C4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/d_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "465D93FB-7B58-4E2F-85C7-D1462F3A4928" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-96mt\\/d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5233D432-3102-421D-B4F5-66469C28DF3B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C554660B-CDC7-4DAA-8741-CFC546A6D678" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CFE160B-32CC-4529-AD35-7467A32B609E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DF9F7F63-A79C-4F3F-B1F3-C3C974DB7649" + 
} + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-64mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EDE9CE57-6C80-4547-8476-55E5CA4BFCE7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B45CBED0-6B75-4FC8-A55E-4EAA60C1E99C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-96mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "491D865E-3C0A-4ED7-AEAF-A0D69D832DBA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D9666151-FC68-471D-960F-9A85B2AE513B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4B64FFA-59CE-46E9-B240-F083B332BFD1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62AF044F-84FF-4EEB-A0ED-755B94BE8A3B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2122A970-5A7D-40A6-BB97-622B695713ED" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E10C7797-2505-4B69-94E9-78F931A72D0B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6319D639-CC7B-414E-9DCB-F9D427E8FEF2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1BD07A-538D-44BC-A50E-0CD12303EE6E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B284B91-7571-4614-A721-676D1972E2D0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63BA3EA7-C2A4-4A58-914C-63DDB958548B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8ED5C2F9-C203-40FD-B15C-F91A68FA0DCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF1D2D59-F506-45D4-BD4A-D69CFDDCD50F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8F5B2760-4E56-4FAA-A723-BB7CC28FAFD2" + } + ] + } + ] + }, + { + "operator": 
"AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5192EC31-9128-4DCB-ABEA-2EDE141B251C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3F4BA009-4F0A-427C-9D4A-F8A128F5F8C9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E437415B-3072-438C-8054-FB4C8AD780D4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B0AA6C3-68CC-454B-A959-707BB20F4E07" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B59ED412-6D2A-4B07-B665-6B8EB9FFF173" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8CAF8ED8-B265-4FC5-91AE-CFA4C282E27F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFC5E3AC-5403-46FE-8E8D-B2970BC18192" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D8A69D9-DE42-4953-AD81-40EF7A003823" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE6A1EF8-C44A-466A-BDD2-BED016A9BED2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A38E527-6290-49AE-885A-21C4FC77EE96" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1AADFEEA-40C3-4F4B-ADFD-4B58DF06E6A3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7625B11E-0A91-46D2-8952-AC0BA956D7A8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "20DD2D9D-D6B6-4B4C-9DA9-84AA34BE9F6B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46163315-5BC1-4DAC-A85C-37DF75E678AB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"743F274F-6F02-48B9-B443-24CA88F9F5A3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0388C911-C9B8-45FB-8643-465D646072ED" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1426525-5792-4986-937A-FCCB37F31BA1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F406F39B-0360-4E64-8B43-39BC545CA01B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0EC57338-B6BF-4264-8C20-9C39BC813EE8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D496BBB-20CC-46DC-B881-D5F8703BC445" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F903ACD7-413B-4BFF-9DC1-8E0A5899EA60" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CA4CD40-4360-4CAE-AC24-36A57FA06056" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/ds_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F51F96B2-CF87-4D26-AEE6-492BB98BAFA7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/ds:-:*:*:*:*:*:*:*", + "matchCriteriaId": "956513B2-149C-49D7-AEC5-6CDC3AC3C23A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35FB4A78-407D-460F-BF42-962C9649EA57" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E3FD8F-5D57-4E5D-B0CB-7F3AE7C54BDF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39498EA5-B39B-4D22-9E51-8E08F3CD7E29" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE57CC6C-6A71-4354-8B2F-BFFDB21F3B9F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/dss_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A751E770-CE37-46B1-B774-60380D994B44" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/dss:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BC66EAF0-4A39-486D-88E0-7B5B6AF8E2C9" + } + ] + } + ] + 
}, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es-a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68EB4618-0CB9-4101-A6D2-530BB6075FD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-24mt\\/es-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "345CD57D-EC2D-4A9E-B4A3-9E32535ECC23" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es-a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4FDE843-6EE9-4CFF-9B51-85B60BA40CDF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mt\\/es-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F93585F-E50B-4EFB-AD36-538D2780C9F7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es-a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "82020C60-EFB4-4740-914A-E0124AA6E6AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mt\\/es-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "427E4718-7C06-4E32-937B-F7C1DDCC1417" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es-a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "767C5302-1685-447C-8C5B-19FF52F103EF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mitsubishielectric:fx5uj-24mr\\/es-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "330C0F0C-CDD8-4F69-AC97-4FCE2B18FDEB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es-a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19F8A332-354B-4EE6-BB2F-F98DE7D9D0B8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-40mr\\/es-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02EDA888-358E-4207-A887-C376A13C6865" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es-a_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E970E036-DF12-47E3-8815-99590DD10BC6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5uj-60mr\\/es-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E9C2820-AE1B-46CD-B89E-F7DB9956F821" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "784CE918-715A-4280-9DC2-1B6F28FFE6B5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-30mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "220F7702-E3A5-423D-B8E9-497E6D13AC96" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"179CA97E-60D2-4F3C-90FD-6768F67BC2CA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-40mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8420F36A-8929-412F-B76C-D5EC0C02DE85" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72CF5523-7242-4A8E-86A8-9E4734E30966" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-60mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A1CB7DA-A3E4-4ED3-8C89-6D191539C697" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D89304D2-D08D-49E9-BD41-ED4AB1D2DCAF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-80mt\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A71E25F0-29AE-4924-9A32-BF597C58034F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-30mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "599493D8-D017-46DA-ABF8-E5D789CF9710" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-30mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9399ED33-EE3C-4414-8A64-302818CCB800" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:mitsubishielectric:fx5s-40mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CC8CA9B1-CBBC-485E-B311-A347B6CA0D93" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-40mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "65FF4238-35D3-47D6-B525-25BCF3A2387D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-60mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB49C258-2353-479B-98F4-F148933EAFD5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-60mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "452DE6F2-39A0-401C-905B-BA3D98DAE4B0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-80mr\\/es_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "731106F7-9391-4D32-A893-4C4FD84303D2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-80mr\\/es:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6A92C4E6-6D6B-4A68-9920-CD37E1E49B31" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6D56081-3808-47F3-9801-E2CD7CDEF3AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-30mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5D96E9F3-772A-4409-BD58-1B11849B5B0C" + } + ] + } + ] + }, + { + "operator": 
"AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BF73CC6-1FB4-4493-9484-A73F31C1589A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-40mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8A9BFDA-4780-4747-8B55-B111C0502BFA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D04F6B4-5156-4E2D-B17B-11F86BAC41D6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-60mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5589A7F-1159-4CD1-86FB-1392E8D17F3F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/ess_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F025D724-BDD7-461D-B29B-5269FD2B0F73" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:fx5s-80mt\\/ess:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE63C5E-36DC-4650-AF9B-C324FDA475A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/vu/JVNVU94620134", - "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02", - "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + "source": 
"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf", - "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47117.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47117.json index d88044b09a2..0d0137fcca6 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47117.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47117.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47117", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-13T21:15:08.317", - "lastModified": "2023-11-13T21:15:08.317", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:58.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Label Studio es una herramienta de etiquetado de datos de c\u00f3digo abierto. En todas las versiones actuales de Label Studio anteriores a la 1.9.2post0, la aplicaci\u00f3n permite a los usuarios configurar filtros de forma insegura para tareas de filtrado. Un atacante puede construir una cadena de filtros para filtrar tareas basadas en campos confidenciales para todas las cuentas de usuario en la plataforma explotando el Object Relational Mapper (ORM) de Django. Dado que los resultados de la consulta pueden ser manipulados por el filtro ORM, un atacante puede filtrar estos campos confidenciales car\u00e1cter por car\u00e1cter. 
Adem\u00e1s, Label Studio ten\u00eda una clave secreta codificada que un atacante puede usar para falsificar un token de sesi\u00f3n de cualquier usuario explotando esta vulnerabilidad de fuga de ORM para filtrar hashes de contrase\u00f1as de cuentas. Esta vulnerabilidad se solucion\u00f3 en el commit `f931d9d129` que se incluye en la versi\u00f3n 1.9.2post0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json index 162f4cc1d98..e8481a10622 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47186.json @@ -2,15 +2,38 @@ "id": "CVE-2023-47186", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T12:15:08.760", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:23:05.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <=\u00a01.5.11 versions." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", 
@@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kadencewp:kadence_woocommerce_email_designer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.11", + "matchCriteriaId": "B21D1423-AF67-48A9-9EDC-C79D0BF4DDAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/kadence-woocommerce-email-designer/wordpress-kadence-woocommerce-email-designer-plugin-1-5-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json index 706bc3110d7..07351f743e3 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47233.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47233", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-03T21:15:17.360", - "lastModified": "2023-11-07T04:22:01.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:00:39.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,84 @@ "value": "El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un c\u00f3digo brcmf_cfg80211_detach use after free en el c\u00f3digo de desconexi\u00f3n del dispositivo (desconectar el USB mediante conexi\u00f3n en caliente). Para los atacantes f\u00edsicamente pr\u00f3ximos con acceso local, esto \"podr\u00eda explotarse en un escenario del mundo real\". Esto est\u00e1 relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.5.10", + "matchCriteriaId": "ABB24C31-995D-4727-BA04-FF43EAFB2CF4" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://marc.info/?l=linux-kernel&m=169907678011243&w=2", 
- "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json new file mode 100644 index 00000000000..9e20ed765fe --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47262.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-47262", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-14T16:15:27.613", + "lastModified": "2023-11-14T16:15:27.613", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.cybersecurity.abbott/home/product-advisories.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.cybersecurity.abbott/home/product-advisories/id-now.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json index 85c4a1b71ef..6c2809dc48c 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47271.json 
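Review bot: The `cpeMatch` entry added to CVE-2023-47233.json bounds `cpe:2.3:o:linux:linux_kernel` only with `"versionEndIncluding": "6.5.10"`, so the record matches every kernel release up to that version. That agrees with the "hasta 6.5.10" wording in the description, but it presumably also covers kernels older than the brcmfmac device-unplug code the description names, and the match says nothing about whether that driver is built or loaded on a host. Inventory tools that match on this CPE alone will therefore flag systems with no Broadcom wireless support. A `"versionStartIncluding": "<first affected release>"` bound would narrow the range once that release is known; until then, consumers should pair the CPE match with a check for the driver.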
@@ -2,19 +2,80 @@ "id": "CVE-2023-47271", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-06T00:15:09.317", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:22:23.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image." + }, + { + "lang": "es", + "value": "PKP-WAL (tambi\u00e9n conocido como PKP Web Application Library o pkp-lib) anterior a 3.3.0-16, tal como se usa en Open Journal Systems (OJS) y otros productos, no verifica que el archivo nombrado en un documento XML (utilizado para el complemento nativo de importaci\u00f3n/exportaci\u00f3n) es un archivo de imagen, antes de intentar usarlo para la imagen de portada de un n\u00famero." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sfu:pkp_web_application_library:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3.0-16", + "matchCriteriaId": "60CE0E67-FCF5-4A26-A91E-514946B97D99" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pkp/pkp-lib/issues/9464", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json index 30ff24d4eb2..e51fb59675b 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47272.json 
@@ -2,16 +2,40 @@
 "id": "CVE-2023-47272",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-06T00:15:09.380",
- "lastModified": "2023-11-06T13:00:43.923",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-14T15:22:50.500",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download)."
+ },
+ {
+ "lang": "es",
+ "value": "Roundcube 1.5.x anterior a 1.5.6 y 1.6.x anterior a 1.6.5 permite XSS a trav\u00e9s de un encabezado Content-Type o Content-Disposition (utilizado para la vista previa o descarga de archivos adjuntos)."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "cve@mitre.org",
 "type": "Secondary",
@@ -34,18 +58,65 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.5.0",
+ "versionEndExcluding": "1.5.6",
+ "matchCriteriaId": "9B2ED2ED-CC1A-4FDD-B9B4-1FA5CCD6DC60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.6.0",
+ "versionEndExcluding": "1.6.5",
+ "matchCriteriaId": "EB0E97CB-55FA-43CB-A85F-252CC55731ED"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.6",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47346.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47346.json
index caa2f319af8..80e7cc19348 100644
--- a/CVE-2023/CVE-2023-473xx/CVE-2023-47346.json
+++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47346.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47346",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-13T22:15:07.740",
- "lastModified": "2023-11-13T22:15:07.740",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento del b\u00fafer en free5gc 3.3.0, UPF 1.2.0 y SMF 1.2.0 permite a atacantes provocar una denegaci\u00f3n de servicio mediante mensajes PFCP manipulados."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47609.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47609.json
index 5ec4f10c98b..931e0068ba2 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47609.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47609.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47609",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-11-14T06:15:29.310",
- "lastModified": "2023-11-14T06:15:29.310",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:50.200",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en versiones de OSS Calendar anteriores a la v.2.0.3 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario u obtener y/o alterar la informaci\u00f3n almacenada en la base de datos mediante el env\u00edo de una solicitud especialmente manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json
index caa005222f0..dc71ad89465 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47621",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-13T20:15:28.840",
- "lastModified": "2023-11-13T20:15:28.840",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fixed in v3.1.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Guest Entries es una librer\u00eda php que permite a los usuarios crear, actualizar y eliminar entradas desde el front-end de un sitio. En las versiones afectadas, la funci\u00f3n de carga de archivos no imped\u00eda la carga de archivos PHP. Esto puede provocar la ejecuci\u00f3n de c\u00f3digo en el servidor por parte de usuarios autenticados. Esta vulnerabilidad se solucion\u00f3 en v3.1.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47625.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47625.json
index 53b55583d8a..28f3c53ddf8 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47625.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47625.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47625",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-11-13T21:15:08.513",
- "lastModified": "2023-11-13T21:15:08.513",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "PX4 autopilot, es una soluci\u00f3n de control de vuelo para drones. En las versiones afectadas existe una vulnerabilidad de desbordamiento del b\u00fafer global en la funci\u00f3n CrsfParser_TryParseCrsfPacket en /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 debido a una verificaci\u00f3n de tama\u00f1o no v\u00e1lido. Un usuario malintencionado puede crear un paquete RC de forma remota y ese paquete ingresa al dispositivo donde lee _rcs_buf. Se activar\u00e1 la vulnerabilidad de desbordamiento del b\u00fafer global y el dron puede comportarse inesperadamente. Este problema se solucion\u00f3 en la versi\u00f3n 1.14.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json
index 58553dae2c6..fec19a11ded 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-47628", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-14T01:15:08.137", - "lastModified": "2023-11-14T01:15:08.137", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:54.130", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. Las sesiones de DataHub Frontend se configuran utilizando la configuraci\u00f3n predeterminada de Play Framework para sesiones sin estado que no establecen un tiempo de vencimiento para una cookie. Debido a esto, si alguna vez se filtrara una cookie de sesi\u00f3n, ser\u00eda v\u00e1lida para siempre. DataHub utiliza una cookie de sesi\u00f3n sin estado que no se invalida al cerrar sesi\u00f3n, simplemente se elimina del navegador y obliga al usuario a iniciar sesi\u00f3n nuevamente. 
Sin embargo, si un atacante extrae una cookie de un usuario autenticado, seguir\u00e1 siendo v\u00e1lida ya que no hay validaci\u00f3n en una ventana de tiempo para la cual el token de sesi\u00f3n es v\u00e1lido debido a una combinaci\u00f3n del uso de LegacyCookiesModule de Play Framework y el uso de configuraciones predeterminadas que no establezca un tiempo de vencimiento. Todas las instancias de DataHub anteriores al parche que eliminaron al usuario de DataHub, pero no las pol\u00edticas predeterminadas que se aplican a ese usuario, se ven afectadas. Se recomienda a los usuarios que actualicen a la versi\u00f3n 0.12.1, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47629.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47629.json index 1ab591c7a87..52c2bec60ad 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47629.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47629.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47629", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-14T01:15:08.350", - "lastModified": "2023-11-14T01:15:08.350", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:54.130", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. En las versiones afectadas, el registro a trav\u00e9s de un enlace de invitaci\u00f3n no restringe adecuadamente que los usuarios se registren como cuentas privilegiadas. Si un usuario recibe un enlace de registro de correo electr\u00f3nico, potencialmente puede crear una cuenta de administrador dadas ciertas condiciones previas. Si se elimin\u00f3 el usuario predeterminado del centro de datos, entonces el usuario puede registrarse para obtener una cuenta que aproveche las pol\u00edticas predeterminadas que otorgan privilegios de administrador al usuario del centro de datos. Todas las instancias de DataHub anteriores al parche que eliminaron al usuario de DataHub, pero no las pol\u00edticas predeterminadas que se aplican a ese usuario, se ven afectadas. 
Se recomienda a los usuarios que actualicen a la versi\u00f3n 0.12.1, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47657.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47657.json index df3267b382d..a29e048431c 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47657.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47657.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47657", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-14T00:15:07.547", - "lastModified": "2023-11-14T00:15:07.547", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:54.130", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout \u2013 Quick View \u2013 Buy Now For WooCommerce plugin <=\u00a01.5.8 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de gerente de tienda o superiores) almacenada en el complemento GrandPlugins Direct Checkout \u2013 Quick View \u2013 Buy Now For WooCommerce en versiones <= 1.5.8." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47662.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47662.json index fa86d0264c1..eb7aa64db40 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47662.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47662.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47662",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-14T00:15:07.743",
- "lastModified": "2023-11-14T00:15:07.743",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <=\u00a02.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento GoldBroker.Com Live Gold Price & Silver Price Charts Widgets en versiones <= 2.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47665.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47665.json
index 1a9d8d54e79..73e9ad92132 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47665.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47665.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47665",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-14T00:15:07.940",
- "lastModified": "2023-11-14T00:15:07.940",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <=\u00a01.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento edward_plainview Plainview Protect Passwords en versiones <= 1.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47673.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47673.json
index 3f0f31e38d3..302e47c986e 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47673.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47673.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47673",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-14T00:15:08.140",
- "lastModified": "2023-11-14T00:15:08.140",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <=\u00a02.789 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Stefano Ottolenghi Post Pay Counter en versiones <= 2.789."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json
index e1986851920..f3193a41b2b 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47680.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47680",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-14T00:15:08.337",
- "lastModified": "2023-11-14T00:15:08.337",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <=\u00a01.6.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Qode Interactive Qi Addons para Elementor en versiones <= 1.6.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json
index 27d61320757..6fa4ecf2844 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47684.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47684",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-14T00:15:08.530",
- "lastModified": "2023-11-14T00:15:08.530",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <=\u00a03.1.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento ThemePunch OHG Essential Grid en versiones <= 3.1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47690.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47690.json
index 8153fbca1c6..9437063cfcd 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47690.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47690.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47690",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T23:15:08.003",
- "lastModified": "2023-11-13T23:15:08.003",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <=\u00a01.10 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Anton Bond Additional Order Filters para WooCommerce en versiones <= 1.10."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47695.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47695.json
index 33128387d10..09f1efda3ff 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47695.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47695.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47695",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T23:15:08.210",
- "lastModified": "2023-11-13T23:15:08.210",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <=\u00a01.5.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Scribit Shortcodes Finder en versiones <= 1.5.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47696.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47696.json
index 06a74a40868..a5087cd9bb4 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47696.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47696.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47696",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T23:15:08.400",
- "lastModified": "2023-11-13T23:15:08.400",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability\u00a0in Gravity Master Product Enquiry for WooCommerce plugin <=\u00a03.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada No Autenticada en el complemento Gravity Master Product Enquiry para WooCommerce en versiones <= 3.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47697.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47697.json
index f31d560d5b3..07738be6af0 100644
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47697.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47697.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-47697",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-13T23:15:08.603",
- "lastModified": "2023-11-13T23:15:08.603",
- "vulnStatus": "Received",
+ "lastModified": "2023-11-14T15:15:54.130",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <=\u00a03.1.39 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce en versiones <= 3.1.39."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48020.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48020.json
new file mode 100644
index 00000000000..a73cdde4668
--- /dev/null
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48020.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-48020",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-14T15:15:07.707",
+ "lastModified": "2023-11-14T15:15:45.277",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/Enable%20CSRF%20for%20Task%20Management%20Office.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48021.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48021.json
new file mode 100644
index 00000000000..6cd40f8e61b
--- /dev/null
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48021.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-48021",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-14T15:15:07.940",
+ "lastModified": "2023-11-14T15:15:45.277",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20CSRF%20in%20the%20task%20management%20editing%20task%20area.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4810.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4810.json
index 867c172746f..4e1ec4a28ee 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4810.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4810.json
@@ -2,23 +2,88 @@ "id": "CVE-2023-4810", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:08.900", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:34:12.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento Responsive Pricing Table de WordPress anterior a 5.1.8 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting (XSS) Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdarko:responsive_pricing_table:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.1.8", + "matchCriteriaId": "CDED2BEE-A895-4F24-8CC0-318C92BC436D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://portswigger.net/web-security/cross-site-scripting/stored", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4858.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4858.json index 61cfdab51e5..e47d7983248 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4858.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4858.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-4858", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:08.980", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:34:04.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + }, + { + "lang": "es", + "value": "El complemento Simple Table Manager para WordPress hasta la versi\u00f3n 1.5.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting (XSS) Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:topcode:simple_table_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.6", + "matchCriteriaId": "19E301A2-6481-4D70-B5F5-8231844A6198" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/nightcloudos/bug_report/blob/main/vendors/poc2.md", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/ef8029e0-9282-401a-a77d-10b6656adaa6", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4930.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4930.json index 4aff287c232..04024c87c6a 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4930.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4930.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-4930", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.233", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:33:54.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled." + }, + { + "lang": "es", + "value": "El complemento Front End PM para WordPress anterior a 11.4.3 no bloquea la lista de contenidos de los directorios donde almacena archivos adjuntos a mensajes privados, lo que permite a los visitantes no autenticados enumerar y descargar archivos adjuntos privados si la funci\u00f3n de autoindexaci\u00f3n del servidor web est\u00e1 habilitada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shamimsplugins:front_end_pm:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "11.4.3", + "matchCriteriaId": "273F9E0B-1B29-4382-957E-F71D13114F5F" + } + ] + } 
+ ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5082.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5082.json index a34afa3757c..a2fb5aa51dd 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5082.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5082.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5082", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.517", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:33:18.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it." + }, + { + "lang": "es", + "value": "El complemento History Log by click5 para Wordpress anterior a 1.0.13 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por los usuarios administradores cuando usan el complemento Smash Balloon Social Photo Feed junto con \u00e9l." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:click5interactive:sitemap_by_click5:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.13", + "matchCriteriaId": "004DD77B-6196-4119-96EA-4CA3CE24FC50" + } + ] + } + ] } ], - "metrics": 
{}, "references": [ { "url": "https://wpscan.com/vulnerability/13a196ba-49c7-4575-9a49-3ef9eb2348f3", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5181.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5181.json index 6b7ec843ab1..4115b93789b 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5181.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5181.json 
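Review bot: The added `cpeMatch` entry for CVE-2023-5082 uses `cpe:2.3:a:click5interactive:sitemap_by_click5:*:*:*:*:*:wordpress:*:*`, but the description in the same hunk is about the History Log by click5 plugin before 1.0.13, so the CPE product does not match the product described. Tools that match on CPE would flag Sitemap by click5 installs below 1.0.13 and would not flag History Log by click5, unless both plugins share one CPE, which nothing in this record shows. The `criteria` string should be checked against the WPScan reference and the CPE dictionary, and replaced with the History Log product entry if it is wrong. Until that is confirmed, consumers are safer matching this record on the plugin name and `versionEndExcluding` `1.0.13` than on the CPE alone.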
@@ -2,19 +2,80 @@ "id": "CVE-2023-5181", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.590", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:33:05.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento WP Discord Invite para WordPress anterior a 2.5.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting (XSS) Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sarveshmrao:wp_discord_invite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.5.2", + "matchCriteriaId": "BC19A6E4-AE65-42B6-96CD-2E88847E33E0" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/564ad2b0-6ba6-4415-98d7-8d41bc1c3d44", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5228.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5228.json index fc7f11720ab..ba8836b85f7 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5228.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5228.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5228", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.660", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:32:54.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + }, + { + "lang": "es", + "value": "El complemento User Registration de WordPress anterior a 3.0.4.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting (XSS) Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.4.2", + "matchCriteriaId": "14CA7BD2-0998-4129-93F9-8360D114D82F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/50ae7008-46f0-4f89-ae98-65dcabe4ef09", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5352.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5352.json index f56dc5f68df..63f37e39044 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5352.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5352.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5352", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.723", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:32:41.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission." + }, + { + "lang": "es", + "value": "El complemento Awesome Support de WordPress anterior a 6.1.5 no autoriza correctamente la funci\u00f3n wpas_edit_reply, lo que permite a los usuarios editar publicaciones para las que no tienen permiso." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.1.5", + "matchCriteriaId": "F8F880F9-BBFE-4602-8E50-AC0EF7CAEF05" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/d32b2136-d923-4f36-bd76-af4578deb23b", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + 
] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5354.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5354.json index 967ee248984..3a596b9bbd9 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5354.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5354.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5354", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.790", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:32:26.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin." + }, + { + "lang": "es", + "value": "El complemento Awesome Support de WordPress anterior a 6.1.5 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera un Cross-Site Scripting (XSS) Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.1.5", + "matchCriteriaId": "F8F880F9-BBFE-4602-8E50-AC0EF7CAEF05" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/aa380524-031d-4e49-9d0b-96e62d54557f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5355.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5355.json index cdcfe8a37a6..eb720c7e3d8 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5355.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5355.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5355", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.870", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:32:17.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server." + }, + { + "lang": "es", + "value": "El complemento Awesome Support de WordPress anterior a 6.1.5 no sanitiza las rutas de los archivos al eliminar archivos adjuntos temporales, lo que permite al remitente del ticket eliminar archivos arbitrarios en el servidor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.1.5", + "matchCriteriaId": "F8F880F9-BBFE-4602-8E50-AC0EF7CAEF05" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/d6f7faca-dacf-4455-a837-0404803d0f25", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5454.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5454.json index 4342d905989..58529f51026 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5454.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5454.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-5454", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:09.937", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:32:05.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts." + }, + { + "lang": "es", + "value": "El complemento Templately de WordPress anterior a 2.2.6 no autoriza adecuadamente la llamada a la API REST `saved-templates/delete`, lo que permite a usuarios no autenticados eliminar publicaciones arbitrarias." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:templately:templately:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.6", + "matchCriteriaId": "FEC85394-CA6A-49FD-ACE3-D3778A22F0F1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d493685", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] 
} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5530.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5530.json index 3134e25234e..203e6064a9b 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5530.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5530.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-5530", "sourceIdentifier": "contact@wpscan.com", "published": "2023-11-06T21:15:10.003", - "lastModified": "2023-11-07T12:14:36.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T15:31:50.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue" + }, + { + "lang": "es", + "value": "El complemento Ninja Forms Contact Form para WordPress anterior a 3.6.34 no sanitiza ni escapa de sus campos de etiqueta, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques XSS almacenados. Solo los usuarios con la capacidad unfiltered_html pueden realizar esto, y dichos usuarios ya pueden usar JS en publicaciones/comentarios, etc. Sin embargo, el proveedor reconoci\u00f3 y solucion\u00f3 el problema." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.6.34", + "matchCriteriaId": "8AE6BEE5-6ED8-4133-A08C-041F9B35FA9C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://ninjaforms.com/blog/saturday-drive-x-edition/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/a642f313-cc3e-4d75-b207-1dceb6a7fbae", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json index 37a79214db6..afbe7c8a96c 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5823.json 
@@ -2,15 +2,42 @@ "id": "CVE-2023-5823", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-06T12:15:08.860", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:18:57.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <=\u00a02.2.11 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento ThemeKraft TK Google Fonts GDPR Compliant en versiones <= 2.2.11." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themekraft:tk_google_fonts_gdpr_compliant:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.11", + "matchCriteriaId": "FD9FF376-7B1A-489D-BD81-C2E661D3C56E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/tk-google-fonts/wordpress-tk-google-fonts-gdpr-compliant-plugin-2-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json index a65ce0ad139..1462c0e61a4 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5831.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5831", "sourceIdentifier": "cve@gitlab.com", "published": "2023-11-06T11:15:09.810", - "lastModified": "2023-11-06T13:00:43.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-14T16:59:46.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.0 anteriores a 16.3.6, todas las versiones desde 16.4 anteriores a 16.4.2 y todas las versiones desde 16.5.0 anteriores a 16.5.1 que tienen la funci\u00f3n `super_sidebar_logged_out` bandera habilitada. Las versiones afectadas con este indicador de funci\u00f3n deshabilitado de forma predeterminada habilitado pueden revelar involuntariamente metadatos de la versi\u00f3n de GitLab a actores no autorizados." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,10 +80,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.3.6", + "matchCriteriaId": "1F24E5BC-D85F-406D-8D60-F9D0A4AADF46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.3.6", + "matchCriteriaId": "D460B5B4-689D-46C2-ADCE-EB1220EAC0D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.4.0", + "versionEndExcluding": "16.4.2", + "matchCriteriaId": "92775555-546E-4760-BD66-94E15B33DC8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.4.0", + "versionEndExcluding": "16.4.2", + "matchCriteriaId": "F67E4E44-65EA-494F-B1FA-D080F53329AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:community:*:*:*", + "matchCriteriaId": "28AC2266-BC77-48CA-82CC-00E1D3825AD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "A7286C51-077E-4093-9AF9-66CEE22915AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428919", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json index 63b23c38551..18b66d3c8af 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json 
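Review bot: The only reference on CVE-2023-5831, `https://gitlab.com/gitlab-org/gitlab/-/issues/428919`, is tagged `Broken Link` in the last hunk, so a record now marked `Analyzed` has no source a reader can open to confirm the fixed versions. A resolvable vendor advisory or release-notes reference should be added alongside it. The description limits exposure to instances with the default-disabled `super_sidebar_logged_out` feature flag enabled, which the `cpeMatch` ranges cannot express. Version-only matching will therefore over-report, and triage should check the flag state before treating a hit as affected.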
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6006.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6006", "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "published": "2023-11-14T04:15:07.850", - "lastModified": "2023-11-14T04:15:07.850", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\nThe specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM." + }, + { + "lang": "es", + "value": "Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de PaperCut NG. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del proceso pc-pdl-to-image. El proceso carga un ejecutable desde una ubicaci\u00f3n no segura. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de SYSTEM." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6109.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6109.json index 171614feba8..a1f26f13e36 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6109.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6109.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6109", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-14T07:15:07.333", - "lastModified": "2023-11-14T07:15:07.333", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:50.200", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person." + }, + { + "lang": "es", + "value": "El complemento YOP Poll para WordPress es vulnerable a una condici\u00f3n de ejecuci\u00f3n en todas las versiones hasta la 6.5.26 incluida. Esto se debe a restricciones inadecuadas en la funci\u00f3n add(). Esto hace posible que atacantes no autenticados coloquen m\u00faltiples votos en una sola encuesta, incluso cuando la encuesta est\u00e1 configurada para un voto por persona." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6111.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6111.json index 3e8b9d1b337..2ddbe243bd4 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6111.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6111.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6111", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-11-14T14:15:29.063", - "lastModified": "2023-11-14T14:15:29.063", - "vulnStatus": "Received", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6124.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6124.json new file mode 100644 index 00000000000..9ccbcb85207 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6124.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6124", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-11-14T15:15:08.140", + "lastModified": "2023-11-14T15:15:45.277", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6125.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6125.json new file mode 100644 index 00000000000..a20ee2ea38c --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6125.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-6125",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-11-14T16:15:27.673",
+ "lastModified": "2023-11-14T16:15:27.673",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/a9462f1e-9746-4380-8228-533ff2f64691",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6126.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6126.json
new file mode 100644
index 00000000000..0834acdc4d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6126.json
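Review bot: The `descriptions` value in this record starts with a stray space (`" Code Injection in GitHub repository ..."`), and the CVE-2023-6126 hunk that follows carries the byte-identical string. Apart from `id` and the timestamps, the two records differ only in `vectorString` (`A:L` vs `A:N`), the derived scores and the huntr bounty URL, so anything that deduplicates or correlates on description text will merge them. If this file is meant to mirror the upstream record byte for byte, leave it and trim in the consumer; otherwise the line would read `"value": "Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2."`. Either way, records should be keyed on `id`.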
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-6126",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-11-14T16:15:27.863",
+ "lastModified": "2023-11-14T16:15:27.863",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/e22a9be3-3273-42cb-bfcc-c67a1025684e",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6127.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6127.json
new file mode 100644
index 00000000000..ed06ec6a5d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6127.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-6127",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-11-14T16:15:28.053",
+ "lastModified": "2023-11-14T16:15:28.053",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/bf10c72b-5d2e-4c9a-9bd6-d77bdf31027d",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6128.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6128.json
new file mode 100644
index 00000000000..7e3b3dcfbb8
--- /dev/null
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6128.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6128", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-11-14T16:15:28.233", + "lastModified": "2023-11-14T16:15:28.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/51406547-1961-45f2-a416-7f14fd775d2d", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d447da6863d..26ed9b09d3a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-14T15:00:17.660167+00:00 +2023-11-14T17:00:18.860274+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-14T14:44:43.743000+00:00 +2023-11-14T16:59:46.227000+00:00 ``` ### Last Data Feed Release 
@@ -29,30 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230529 +230538 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `9` -* [CVE-2023-6111](CVE-2023/CVE-2023-61xx/CVE-2023-6111.json) (`2023-11-14T14:15:29.063`) +* [CVE-2023-45684](CVE-2023/CVE-2023-456xx/CVE-2023-45684.json) (`2023-11-14T15:15:07.553`) +* [CVE-2023-48020](CVE-2023/CVE-2023-480xx/CVE-2023-48020.json) (`2023-11-14T15:15:07.707`) +* [CVE-2023-48021](CVE-2023/CVE-2023-480xx/CVE-2023-48021.json) (`2023-11-14T15:15:07.940`) +* [CVE-2023-6124](CVE-2023/CVE-2023-61xx/CVE-2023-6124.json) (`2023-11-14T15:15:08.140`) +* [CVE-2023-47262](CVE-2023/CVE-2023-472xx/CVE-2023-47262.json) (`2023-11-14T16:15:27.613`) +* [CVE-2023-6125](CVE-2023/CVE-2023-61xx/CVE-2023-6125.json) (`2023-11-14T16:15:27.673`) +* [CVE-2023-6126](CVE-2023/CVE-2023-61xx/CVE-2023-6126.json) (`2023-11-14T16:15:27.863`) +* [CVE-2023-6127](CVE-2023/CVE-2023-61xx/CVE-2023-6127.json) (`2023-11-14T16:15:28.053`) +* [CVE-2023-6128](CVE-2023/CVE-2023-61xx/CVE-2023-6128.json) (`2023-11-14T16:15:28.233`) ### CVEs modified in the last Commit -Recently modified CVEs: `10` +Recently modified CVEs: `171` -* [CVE-2017-20187](CVE-2017/CVE-2017-201xx/CVE-2017-20187.json) (`2023-11-14T14:44:43.743`) -* [CVE-2023-46980](CVE-2023/CVE-2023-469xx/CVE-2023-46980.json) (`2023-11-14T13:37:31.637`) -* [CVE-2023-25800](CVE-2023/CVE-2023-258xx/CVE-2023-25800.json) (`2023-11-14T13:57:41.837`) -* [CVE-2023-39299](CVE-2023/CVE-2023-392xx/CVE-2023-39299.json) (`2023-11-14T14:07:58.267`) -* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-11-14T14:15:28.793`) -* [CVE-2023-39418](CVE-2023/CVE-2023-394xx/CVE-2023-39418.json) (`2023-11-14T14:15:28.957`) -* [CVE-2023-47235](CVE-2023/CVE-2023-472xx/CVE-2023-47235.json) (`2023-11-14T14:16:24.860`) -* [CVE-2023-47234](CVE-2023/CVE-2023-472xx/CVE-2023-47234.json) 
(`2023-11-14T14:18:17.747`) -* [CVE-2023-46964](CVE-2023/CVE-2023-469xx/CVE-2023-46964.json) (`2023-11-14T14:42:26.970`) -* [CVE-2023-47249](CVE-2023/CVE-2023-472xx/CVE-2023-47249.json) (`2023-11-14T14:43:52.597`) +* [CVE-2023-47233](CVE-2023/CVE-2023-472xx/CVE-2023-47233.json) (`2023-11-14T16:00:39.260`) +* [CVE-2023-36823](CVE-2023/CVE-2023-368xx/CVE-2023-36823.json) (`2023-11-14T16:15:27.467`) +* [CVE-2023-20270](CVE-2023/CVE-2023-202xx/CVE-2023-20270.json) (`2023-11-14T16:18:39.113`) +* [CVE-2023-5823](CVE-2023/CVE-2023-58xx/CVE-2023-5823.json) (`2023-11-14T16:18:57.250`) +* [CVE-2023-20070](CVE-2023/CVE-2023-200xx/CVE-2023-20070.json) (`2023-11-14T16:19:14.697`) +* [CVE-2023-20256](CVE-2023/CVE-2023-202xx/CVE-2023-20256.json) (`2023-11-14T16:20:34.707`) +* [CVE-2023-31498](CVE-2023/CVE-2023-314xx/CVE-2023-31498.json) (`2023-11-14T16:22:52.857`) +* [CVE-2023-47186](CVE-2023/CVE-2023-471xx/CVE-2023-47186.json) (`2023-11-14T16:23:05.433`) +* [CVE-2023-46781](CVE-2023/CVE-2023-467xx/CVE-2023-46781.json) (`2023-11-14T16:23:15.617`) +* [CVE-2023-46780](CVE-2023/CVE-2023-467xx/CVE-2023-46780.json) (`2023-11-14T16:23:28.687`) +* [CVE-2023-46779](CVE-2023/CVE-2023-467xx/CVE-2023-46779.json) (`2023-11-14T16:23:35.977`) +* [CVE-2023-46778](CVE-2023/CVE-2023-467xx/CVE-2023-46778.json) (`2023-11-14T16:23:52.277`) +* [CVE-2023-46776](CVE-2023/CVE-2023-467xx/CVE-2023-46776.json) (`2023-11-14T16:23:57.467`) +* [CVE-2023-34652](CVE-2023/CVE-2023-346xx/CVE-2023-34652.json) (`2023-11-14T16:36:13.640`) +* [CVE-2023-34647](CVE-2023/CVE-2023-346xx/CVE-2023-34647.json) (`2023-11-14T16:36:13.640`) +* [CVE-2023-36376](CVE-2023/CVE-2023-363xx/CVE-2023-36376.json) (`2023-11-14T16:36:13.640`) +* [CVE-2023-36375](CVE-2023/CVE-2023-363xx/CVE-2023-36375.json) (`2023-11-14T16:36:13.640`) +* [CVE-2023-36939](CVE-2023/CVE-2023-369xx/CVE-2023-36939.json) (`2023-11-14T16:36:13.640`) +* [CVE-2023-41575](CVE-2023/CVE-2023-415xx/CVE-2023-41575.json) (`2023-11-14T16:42:49.757`) +* 
[CVE-2023-3605](CVE-2023/CVE-2023-36xx/CVE-2023-3605.json) (`2023-11-14T16:47:19.710`) +* [CVE-2023-37772](CVE-2023/CVE-2023-377xx/CVE-2023-37772.json) (`2023-11-14T16:47:19.710`) +* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-11-14T16:47:19.710`) +* [CVE-2023-20244](CVE-2023/CVE-2023-202xx/CVE-2023-20244.json) (`2023-11-14T16:56:16.350`) +* [CVE-2023-20245](CVE-2023/CVE-2023-202xx/CVE-2023-20245.json) (`2023-11-14T16:58:22.917`) +* [CVE-2023-5831](CVE-2023/CVE-2023-58xx/CVE-2023-5831.json) (`2023-11-14T16:59:46.227`) ## Download and Usage